2016-10-05 18:13:23 |
Wise Melon |
bug |
|
|
added bug |
2016-10-05 18:13:41 |
Wise Melon |
information type |
Public |
Public Security |
|
2016-10-05 18:19:39 |
Wise Melon |
cve linked |
|
2016-8332 |
|
2016-10-05 18:23:57 |
Wise Melon |
tags |
|
precise trusty xenial |
|
2016-10-05 18:24:03 |
Wise Melon |
tags |
precise trusty xenial |
precise trusty xenial yakkety |
|
2016-10-05 19:14:31 |
Wise Melon |
summary |
Backport in patch to fix CVE-2016-8332 |
CVE-2016-8332 allows an out-of-bound heap write to occur resulting in heap corruption and arbitrary code execution |
|
2016-10-05 19:41:12 |
Wise Melon |
description |
A security vulnerability was recently disclosed in openjpeg and assigned the CVE number of CVE-2016-8332.
The vulnerability is described here (http://www.zdnet.com/article/openjpeg-zero-day-flaw-leads-to-remote-code-execution/):
"
Cisco Talos researchers have uncovered a severe zero-day flaw in the OpenJPEG JPEG 2000 codec which could lead to remote code execution on compromised systems.
On Friday, researchers from Cisco revealed the existence of the zero-day flaw in the JPEG 2000 image file format parser implemented in OpenJPEG library. The out-of-bounds vulnerability, assigned as CVE-2016-8332, could allow an out-of-bound heap write to occur resulting in heap corruption and arbitrary code execution.
OpenJPEG is an open-source JPEG 2000 codec. Written in C, the software was created to promote JPEG 2000, an image compression standard which is in popular use and is often used for tasks including embedding images within PDF documents through software including Poppler, MuPDF and Pdfium.
The bug, assigned a CVSS score of 7.5, was caused by errors in parsing mcc records in the jpeg2000 file, resulting in "an erroneous read and write of adjacent heap area memory." If manipulated, these errors can lead to heap metadata process memory corruption.
In a security advisory, the team said the security vulnerability can be exploited by attackers if victims open specifically crafted, malicious JPEG 2000 images. For example, if this content was within a phishing email or hosted on legitimate services such as Google Drive or Dropbox, once downloaded to their system, the path is created for attackers to execute code remotely.
The vulnerability was discovered by Aleksander Nikolic from the Cisco Talos security team in OpenJpeg openjp2 version 2.1.1.
Cisco Talos disclosed the vulnerability to affected vendors on 26 July, granting them time to prepare patches to fix the problem before public release.
"
I am filing this report as a fix for the issue doesn't seem to have yet been backported in and given the importance of the issue and the ease in exploiting it, it would be good if this is done soon. |
A security vulnerability was recently disclosed in openjpeg and assigned the CVE number of CVE-2016-8332.
The vulnerability is described here (http://www.zdnet.com/article/openjpeg-zero-day-flaw-leads-to-remote-code-execution/):
"
Cisco Talos researchers have uncovered a severe zero-day flaw in the OpenJPEG JPEG 2000 codec which could lead to remote code execution on compromised systems.
On Friday, researchers from Cisco revealed the existence of the zero-day flaw in the JPEG 2000 image file format parser implemented in OpenJPEG library. The out-of-bounds vulnerability, assigned as CVE-2016-8332, could allow an out-of-bound heap write to occur resulting in heap corruption and arbitrary code execution.
OpenJPEG is an open-source JPEG 2000 codec. Written in C, the software was created to promote JPEG 2000, an image compression standard which is in popular use and is often used for tasks including embedding images within PDF documents through software including Poppler, MuPDF and Pdfium.
The bug, assigned a CVSS score of 7.5, was caused by errors in parsing mcc records in the jpeg2000 file, resulting in "an erroneous read and write of adjacent heap area memory." If manipulated, these errors can lead to heap metadata process memory corruption.
In a security advisory, the team said the security vulnerability can be exploited by attackers if victims open specifically crafted, malicious JPEG 2000 images. For example, if this content was within a phishing email or hosted on legitimate services such as Google Drive or Dropbox, once downloaded to their system, the path is created for attackers to execute code remotely.
The vulnerability was discovered by Aleksander Nikolic from the Cisco Talos security team in OpenJpeg openjp2 version 2.1.1.
Cisco Talos disclosed the vulnerability to affected vendors on 26 July, granting them time to prepare patches to fix the problem before public release.
"
I am filing this report as a fix for the issue doesn't seem to have yet been backported in and given the importance of the issue and the ease in exploiting it, it would be good if this is done soon.
This is the fix on GitHub: https://github.com/uclouvain/openjpeg/pull/820/files |
|
2016-10-05 20:52:08 |
Wise Melon |
bug task added |
|
openjpeg2 (Ubuntu) |
|
2016-10-06 11:49:34 |
Marc Deslauriers |
openjpeg (Ubuntu): status |
New |
Incomplete |
|
2016-10-06 11:49:36 |
Marc Deslauriers |
openjpeg2 (Ubuntu): status |
New |
Incomplete |
|
2016-10-08 19:22:09 |
Wise Melon |
summary |
CVE-2016-8332 allows an out-of-bound heap write to occur resulting in heap corruption and arbitrary code execution |
Fix for CVE-2016-8332 and CVE-2016-7163 |
|
2016-10-08 19:22:13 |
Wise Melon |
description |
A security vulnerability was recently disclosed in openjpeg and assigned the CVE number of CVE-2016-8332.
The vulnerability is described here (http://www.zdnet.com/article/openjpeg-zero-day-flaw-leads-to-remote-code-execution/):
"
Cisco Talos researchers have uncovered a severe zero-day flaw in the OpenJPEG JPEG 2000 codec which could lead to remote code execution on compromised systems.
On Friday, researchers from Cisco revealed the existence of the zero-day flaw in the JPEG 2000 image file format parser implemented in OpenJPEG library. The out-of-bounds vulnerability, assigned as CVE-2016-8332, could allow an out-of-bound heap write to occur resulting in heap corruption and arbitrary code execution.
OpenJPEG is an open-source JPEG 2000 codec. Written in C, the software was created to promote JPEG 2000, an image compression standard which is in popular use and is often used for tasks including embedding images within PDF documents through software including Poppler, MuPDF and Pdfium.
The bug, assigned a CVSS score of 7.5, was caused by errors in parsing mcc records in the jpeg2000 file, resulting in "an erroneous read and write of adjacent heap area memory." If manipulated, these errors can lead to heap metadata process memory corruption.
In a security advisory, the team said the security vulnerability can be exploited by attackers if victims open specifically crafted, malicious JPEG 2000 images. For example, if this content was within a phishing email or hosted on legitimate services such as Google Drive or Dropbox, once downloaded to their system, the path is created for attackers to execute code remotely.
The vulnerability was discovered by Aleksander Nikolic from the Cisco Talos security team in OpenJpeg openjp2 version 2.1.1.
Cisco Talos disclosed the vulnerability to affected vendors on 26 July, granting them time to prepare patches to fix the problem before public release.
"
I am filing this report as a fix for the issue doesn't seem to have yet been backported in and given the importance of the issue and the ease in exploiting it, it would be good if this is done soon.
This is the fix on GitHub: https://github.com/uclouvain/openjpeg/pull/820/files |
* Impact
- CVE-2016-8332:
Out-of-bound heap write possible resulting in heap corruption and arbitrary code execution
- CVE-2016-7163:
Integer overflow possible resulting in arbitrary code execution via a crafted JP2 file, triggering out-of-bound read or write
* Test case
- CVE-2016-8332:
Information on exploit: http://www.talosintelligence.com/reports/TALOS-2016-0193/
- CVE-2016-7163:
I haven't been able to find information on the exploit for this except for the information given here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7163
* Regression potential
These patches have not been tested as I currently do not have the resources to do so.
----------------------------------
Original report:
A security vulnerability was recently disclosed in OpenJPEG and assigned the CVE number of CVE-2016-8332.
The vulnerability is described here (http://www.zdnet.com/article/openjpeg-zero-day-flaw-leads-to-remote-code-execution/):
"
Cisco Talos researchers have uncovered a severe zero-day flaw in the OpenJPEG JPEG 2000 codec which could lead to remote code execution on compromised systems.
On Friday, researchers from Cisco revealed the existence of the zero-day flaw in the JPEG 2000 image file format parser implemented in OpenJPEG library. The out-of-bounds vulnerability, assigned as CVE-2016-8332, could allow an out-of-bound heap write to occur resulting in heap corruption and arbitrary code execution.
OpenJPEG is an open-source JPEG 2000 codec. Written in C, the software was created to promote JPEG 2000, an image compression standard which is in popular use and is often used for tasks including embedding images within PDF documents through software including Poppler, MuPDF and Pdfium.
The bug, assigned a CVSS score of 7.5, was caused by errors in parsing mcc records in the jpeg2000 file, resulting in "an erroneous read and write of adjacent heap area memory." If manipulated, these errors can lead to heap metadata process memory corruption.
In a security advisory, the team said the security vulnerability can be exploited by attackers if victims open specifically crafted, malicious JPEG 2000 images. For example, if this content was within a phishing email or hosted on legitimate services such as Google Drive or Dropbox, once downloaded to their system, the path is created for attackers to execute code remotely.
The vulnerability was discovered by Aleksander Nikolic from the Cisco Talos security team in OpenJpeg openjp2 version 2.1.1.
Cisco Talos disclosed the vulnerability to affected vendors on 26 July, granting them time to prepare patches to fix the problem before public release.
"
I am filing this report as a fix for the issue doesn't seem to have yet been backported in and given the importance of the issue and the ease in exploiting it, it would be good if this is done soon.
This is the fix on GitHub: https://github.com/uclouvain/openjpeg/pull/820/files |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2014-7945 |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2014-7947 |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2015-8871 |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2016-1923 |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2016-1924 |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2016-3181 |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2016-3182 |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2016-3183 |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2016-4796 |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2016-4797 |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2016-7163 |
|
2016-10-08 19:22:22 |
Wise Melon |
cve linked |
|
2016-7445 |
|
2016-10-08 19:22:40 |
Wise Melon |
attachment added |
|
openjpeg2FixCVE-2016-8332+CVE-2016-7163Yakkety.debdiff https://bugs.launchpad.net/ubuntu/+source/openjpeg/+bug/1630702/+attachment/4757533/+files/openjpeg2FixCVE-2016-8332+CVE-2016-7163Yakkety.debdiff |
|
2016-10-08 19:22:46 |
Wise Melon |
attachment added |
|
openjpeg2FixCVE-2016-8332+CVE-2016-7163Xenial.debdiff https://bugs.launchpad.net/ubuntu/+source/openjpeg/+bug/1630702/+attachment/4757534/+files/openjpeg2FixCVE-2016-8332+CVE-2016-7163Xenial.debdiff |
|
2016-10-08 19:24:47 |
Wise Melon |
openjpeg2 (Ubuntu): status |
Incomplete |
Confirmed |
|
2016-10-08 19:24:54 |
Wise Melon |
bug task deleted |
openjpeg (Ubuntu) |
|
|
2016-10-08 19:25:08 |
Wise Melon |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2016-10-08 19:27:17 |
Wise Melon |
tags |
precise trusty xenial yakkety |
xenial yakkety |
|
2016-10-08 22:43:19 |
Mathew Hodson |
openjpeg2 (Ubuntu): importance |
Undecided |
Medium |
|
2016-10-08 22:43:27 |
Mathew Hodson |
tags |
xenial yakkety |
patch xenial yakkety |
|
2016-10-09 16:44:33 |
Jeremy BĂcha |
bug |
|
|
added subscriber Jeremy Bicha |
2016-10-11 21:44:04 |
Wise Melon |
openjpeg2 (Ubuntu): assignee |
|
Nikita Yerenkov-Scott (yerenkov-scott) |
|
2016-10-14 11:49:41 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Xenial |
|
2016-10-14 11:49:41 |
Marc Deslauriers |
bug task added |
|
openjpeg2 (Ubuntu Xenial) |
|
2016-10-14 11:49:41 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Yakkety |
|
2016-10-14 11:49:41 |
Marc Deslauriers |
bug task added |
|
openjpeg2 (Ubuntu Yakkety) |
|
2016-10-14 11:49:50 |
Marc Deslauriers |
openjpeg2 (Ubuntu Xenial): status |
New |
Confirmed |
|
2016-10-14 11:49:53 |
Marc Deslauriers |
openjpeg2 (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2016-10-14 12:39:20 |
Launchpad Janitor |
openjpeg2 (Ubuntu Yakkety): status |
Confirmed |
Fix Released |
|
2016-10-14 12:39:22 |
Launchpad Janitor |
openjpeg2 (Ubuntu Xenial): status |
Confirmed |
Fix Released |
|