Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#8372 closed enhancement (fixed)

openjpeg2-2.1.2 (CVE-2016-7163)

Reported by: bdubbs@… Owned by: bdubbs@…
Priority: high Milestone: 8.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by Douglas R. Reno)

New point version

CVE-2016-7163 Integer overflow in opj_pi_create_decode

Change History (4)

comment:1 by Douglas R. Reno, 7 years ago

Description: modified (diff)
Priority: normalhigh
Summary: openjpeg2-2.1.2openjpeg2-2.1.2 (CVE-2016-7163)
v2.1.2 (2016-09-28)

Full Changelog

Closed issues:

    null ptr dereference in convert.c:1331 #843
    Out-of-Bounds Read in function bmp24toimage of convertbmp.c #833
    Disable automatic compilation of t1_generate_luts in CMakeLists.txt #831
    CVE-2016-7163 Integer overflow in opj_pi_create_decode #826
    Security Advisory for OpenJPEG #810
    Add dashboard with static lib #804
    hidden visibility for the static library / building with -DOPJ_STATIC against shared lib #802
    Optimization when building library from source #799
    unsigned int16 on Solaris 11.2/sparc #796
    appveyor #793
    Please make a new release #782
    FFMpeg will not link to 2.1.1 release built as shared library #766
    API change since v2: opj_event_mgr_t not available #754
    openjpeg.h needs dependencies #673
    "master" does not build on ubuntu #658
    Package 'openjp2', required by 'libopenjpip', not found #594

Merged pull requests:

    Fix PNM file reading #847 (mayeut)
    Fix some issues reported by Coverity Scan #846 (stweil)
    Fix potential out-of-bounds read (coverity) #844 (stweil)
    Remove TODO for overflow check #842 (mayeut)
    Add overflow checks for opj_aligned_malloc #841 (mayeut)
    Flags in T1 shall be unsigned #840 (mayeut)
    Fix some warnings #838 (mayeut)
    Fix issue 833. #834 (trylab)
    Add overflow checks for opj_aligned_malloc #832 (mayeut)
    Add test for issue 820 #829 (mayeut)
    Add test for issue 826 #827 (mayeut)
    Fix coverity 113065 (CWE-484) #824 (mayeut)
    Add sanity check for tile coordinates #823 (mayeut)
    Add test for PR 818 #822 (mayeut)
    Update to libpng 1.6.25 #821 (mayeut)
    fix incrementing of "l_tcp->m_nb_mcc_records" in opj_j2k_read_mcc #820 (mayeut)
    Add overflow check in opj_tcd_init_tile #819 (mayeut)
    Fix leak & invalid behavior of opj_jp2_read_ihdr #818 (mayeut)
    Add overflow check in opj_j2k_update_image_data #817 (mayeut)
    Change 'restrict' define to 'OPJ_RESTRICT' #816 (mayeut)
    Switch to clang 3.8 #814 (mayeut)
    Fix an integer overflow issue #809 (trylab)
    Update to lcms 2.8 #808 (mayeut)
    Update to libpng 1.6.24 #807 (mayeut)
    Reenable clang-3.9 build on travis #806 (mayeut)
    Bit fields type #805 (smuehlst)
    Add compilation test for standalone inclusion of openjpeg.h #798 (mayeut)
    jpwl: Remove non-portable data type u_int16_t (fix issue #796) #797 (stweil)
    Fix dependency for pkg-config (issue #594) #795 (stweil)
    Add .gitignore #787 (stweil)

comment:2 by bdubbs@…, 7 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: newassigned

comment:3 by bdubbs@…, 7 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 17843.

comment:4 by bdubbs@…, 7 years ago

Milestone: 7.118.0

Milestone renamed

Note: See TracTickets for help on using tickets.