SB2016122110 - Buffer overflow in openjpeg (Alpine package)
Published: December 21, 2016
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2016-9581)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An infinite loop in tiftoimage, which results in a heap buffer overflow in convert_32s_C1P1, was found in openjpeg 2.1.2.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=26c51e95735136152ea52cc8db8eed2b6f31fde0
- https://git.alpinelinux.org/aports/commit/?id=5c82fd0a2871207bd9352f23c1191e39a0313a86
- https://git.alpinelinux.org/aports/commit/?id=d19c71fc81362c23e49997259591524b35e2eb1b
- https://git.alpinelinux.org/aports/commit/?id=2fdeb6b9f30446dad66fe173663c79d9ff38c4d6
- https://git.alpinelinux.org/aports/commit/?id=91f0ed50281f76fcbbc7760fd7617e01b9a50c47
- https://git.alpinelinux.org/aports/commit/?id=d3f4eafef5b5094a849b82c29be2bc7c796f213d