SB2016091514 - Out-of-bounds read in openjpeg (Alpine package)
Published: September 15, 2016
Security Bulletin ID
SB2016091514
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2016-7163)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=c1056d67e6379994bfff3cc8ff60b100bb94f0a0
- https://git.alpinelinux.org/aports/commit/?id=5b27b635acbe69cadaffce1fbe4b69d8256c1315
- https://git.alpinelinux.org/aports/commit/?id=63abfe33f12495cf5ac86d5fd590f018538d33b1
- https://git.alpinelinux.org/aports/commit/?id=6dd49eeff4953456d2d668b4e7653967a44a4972
- https://git.alpinelinux.org/aports/commit/?id=cc30e48f2395b7893ffd566af92c1354494a1060