(CVE-2012-3358) CVE-2012-3358 openjpeg: heap-based buffer overflow when processing JPEG2000 image files

Bug #1023259 reported by Karma Dorje
This bug affects 1 person
Affects              Status         Importance   Assigned to   Milestone
openjpeg (Debian)    Fix Released   Unknown
openjpeg (Fedora)    Fix Released   High
openjpeg (Ubuntu)    Fix Released   Medium       Unassigned

Bug Description

A heap-based buffer overflow was found in the way OpenJPEG, an
open-source JPEG 2000 codec written in the C language, performed parsing of
JPEG2000 files having a certain number of tiles and tilesizes. A remote
attacker could provide a specially crafted JPEG 2000 file, which, when
opened in an application linked against openjpeg, would lead to that
application crashing or, potentially, to arbitrary code execution with the
privileges of the user running the application.

Upstream patch:
http://code.google.com/p/openjpeg/source/detail?r=1727

References:
https://bugzilla.redhat.com/show_bug.cgi?id=835767
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681075

This issue has been assigned CVE-2012-3358

In , Huzaifa (huzaifa-redhat-bugs) wrote :

A heap-based buffer overflow was found in the way OpenJPEG, an open-source JPEG 2000 codec written in the C language, performed parsing of JPEG2000 files having a certain number of tiles and tilesizes. A remote attacker could provide a specially crafted JPEG 2000 file, which, when opened in an application linked against openjpeg, would lead to that application crashing or, potentially, to arbitrary code execution with the privileges of the user running the application.

In , Tom (tom-redhat-bugs) wrote :

Created attachment 594684
openjpeg-tile-sanity.patch

Um, this is the relevant patch, not that one.

In , Vincent (vincent-redhat-bugs) wrote :
In , Huzaifa (huzaifa-redhat-bugs) wrote :
In , Huzaifa (huzaifa-redhat-bugs) wrote :

Created openjpeg tracking bugs for this issue

Affects: fedora-all [bug 839125]

Karma Dorje (taaroa)
visibility: private → public
In , errata-xmlrpc (errata-xmlrpc-redhat-bugs) wrote :

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1068 https://rhn.redhat.com/errata/RHSA-2012-1068.html

Jamie Strandboge (jdstrand) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in openjpeg (Ubuntu):
status: New → Triaged
Changed in openjpeg (Debian):
status: Unknown → Fix Released
Jamie Strandboge (jdstrand) wrote :

This was fixed in 1.3+dfsg-4.4

Changed in openjpeg (Ubuntu):
status: Triaged → Fix Released
Changed in openjpeg (Fedora):
importance: Unknown → High
status: Unknown → Fix Released
Mathew Hodson (mhodson)
Changed in openjpeg (Ubuntu):
importance: Undecided → Medium
This report contains Public Security information  
Everyone can see this security related information.
