SB2021012622 - Gentoo update for OpenJPEG
Published: January 26, 2021 Updated: July 1, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2018-21010)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
2) Infinite loop (CVE-ID: CVE-2019-12973)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c in Open JPEG. A remote attacker can create a specially crafted .bmp file, pass it to the affected application and perform denial of service (DoS) attack.
3) Use-after-free (CVE-ID: CVE-2020-15389)
The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
4) Heap-based buffer overflow (CVE-ID: CVE-2020-27814)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in lib/openjp2/mqc.c. A remote attacker can pass specially crafted image to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Heap-based buffer overflow (CVE-ID: CVE-2020-27841)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted image to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) NULL pointer dereference (CVE-ID: CVE-2020-27842)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in openjpeg's t2 encoder in versions prior to 2.4.0. A remote attacker can pass specially crafted image to the application and perform a denial of service (DoS) attack.
7) Out-of-bounds read (CVE-ID: CVE-2020-27843)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
8) Heap-based buffer overflow (CVE-ID: CVE-2020-27844)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in lib/openjp2/t2.c. A remote attacker can pass specially crafted image to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Heap-based buffer overflow (CVE-ID: CVE-2020-27845)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in lib/openjp2/pi.c. A remote attacker can pass specially crafted image, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.