CVE-2016-9581

Published: 1 August 2018

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

Notes

Author: ccdm94
Note:
It seems like commit a817832c223 (szukw000:AFL_PATCH_0) was the final
commit created by a contributor in order to fix this issue. This
commit contains the changes in commit cadff5fb6e7 (szukw000:ISSUE-871-872)
which originally attempts to fix this issue. Commit a817832c223
(pull request 895 for more information) contains the changes in commit
cadff5fb6e7, which fixes more than just this issue. Commit a817832c223
was never merged, however, and instead, was broken down into various
other commits by upstream, and those were merged instead. These commits
are the following: 178194c0934, 6c4e5bacb9d, 820fcfe8bb1, e03e9474667,
c5bf5ef4d65 and 16aeb9282f6, which are all referenced in pull request
895 (not merged, but the previously mentioned commits reference this
PR and therefore their links can be accessed through it). Parts of
commit a817832c223 have also been refactored and added to commit
0394f8d0f1c, which was actually merged. This commit might also contain
changes which contribute to fixing this issue. However, do note that
this last commit introduced regressions, and further changes had to
be made in order to fix those. More can be seen in pull request 975.
The patches that fix this issue are also related to CVE-2016-9572.

Priority

Medium

CVSS 3 Severity Score

8.8

Status

Package Release Status
openjpeg
Launchpad, Ubuntu, Debian
upstream Released (2.2.0)
artful Does not exist
bionic Does not exist
cosmic Does not exist
disco Does not exist
focal Does not exist
jammy Does not exist
trusty Ignored (changes too intrusive)
xenial Ignored (changes too intrusive)
kinetic Does not exist
Patches:
upstream: https://github.com/uclouvain/openjpeg/commit/178194c093422c9564efc41f9ecb5c630b43f723
upstream: https://github.com/uclouvain/openjpeg/commit/6c4e5bacb9d9791fc6ff074bd7958b3820d70514
upstream: https://github.com/uclouvain/openjpeg/commit/820fcfe8bb101a2862c076b02c9b6b636ce39d2f
upstream: https://github.com/uclouvain/openjpeg/commit/e03e9474667e5117341351699f0b1dbb06f93346
upstream: https://github.com/uclouvain/openjpeg/commit/c5bf5ef4d6552e9159aaad29cb27826acd1a3389
upstream: https://github.com/uclouvain/openjpeg/commit/16aeb9282f6b3877aa8365c461ba8d3d1338adae

openjpeg2
Launchpad, Ubuntu, Debian
bionic Not vulnerable (2.3.0-1)
cosmic Ignored (end of life)
disco Ignored (end of life)
focal Not vulnerable (2.3.1-1ubuntu4)
jammy Not vulnerable (2.4.0-6)
kinetic Not vulnerable (2.5.0-1)
upstream Released (2.2.0)
artful Ignored (end of life)
precise Does not exist
trusty Does not exist
xenial Not vulnerable (code not present)
yakkety Ignored (end of life)
zesty Ignored (end of life)
Patches:
upstream: https://github.com/uclouvain/openjpeg/commit/178194c093422c9564efc41f9ecb5c630b43f723
upstream: https://github.com/uclouvain/openjpeg/commit/6c4e5bacb9d9791fc6ff074bd7958b3820d70514
upstream: https://github.com/uclouvain/openjpeg/commit/820fcfe8bb101a2862c076b02c9b6b636ce39d2f
upstream: https://github.com/uclouvain/openjpeg/commit/e03e9474667e5117341351699f0b1dbb06f93346
upstream: https://github.com/uclouvain/openjpeg/commit/c5bf5ef4d6552e9159aaad29cb27826acd1a3389
upstream: https://github.com/uclouvain/openjpeg/commit/16aeb9282f6b3877aa8365c461ba8d3d1338adae

Severity score breakdown

Parameter Value
Base score 8.8
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H