{"id":"MGASA-2017-0122","summary":"Updated openjpeg packages fix security vulnerability","details":"Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in\nOpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow\nremote attackers to cause a denial of service (heap-based buffer overflow)\nor possibly have unspecified other impact via crafted JPEG 2000 data.\n(CVE-2016-5139)\n\nMultiple integer overflows in the opj_tcd_init_tile function in tcd.c in\nOpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on\nWindows and OS X and before 53.0.2785.92 on Linux, allow remote attackers\nto cause a denial of service (heap-based buffer overflow) or possibly have\nunspecified other impact via crafted JPEG 2000 data. (CVE-2016-5158)\n\nMultiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome\nbefore 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux,\nallow remote attackers to cause a denial of service (heap-based buffer\noverflow) or possibly have unspecified other impact via crafted JPEG 2000\ndata that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.\n(CVE-2016-5159)\n\nInteger overflow in the opj_pi_create_decode function in pi.c in OpenJPEG\nallows remote attackers to execute arbitrary code via a crafted JP2 file,\nwhich triggers an out-of-bounds read or write. (CVE-2016-7163)\n\nAn out-of-bounds read vulnerability was found in OpenJPEG, in the\nj2k_to_image tool. Converting a specially crafted JPEG2000 file to another\nformat could cause the application to crash or, potentially, disclose some\ndata from the heap. (CVE-2016-9573)\n","modified":"2026-02-04T03:59:10.567545Z","published":"2017-05-02T06:37:59Z","related":["CVE-2016-5139","CVE-2016-5158","CVE-2016-5159","CVE-2016-7163","CVE-2016-9573"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0122.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20559"},{"type":"REPORT","url":"https://rhn.redhat.com/errata/RHSA-2017-0838.html"}],"affected":[{"package":{"name":"openjpeg","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openjpeg?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.2-5.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0122.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}