Candidate: CVE-2016-7163
PublicDate: 2016-09-21 14:25:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7163
Description:
 Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG
 allows remote attackers to execute arbitrary code via a crafted JP2 file,
 which triggers an out-of-bounds read or write.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/uclouvain/openjpeg/issues/826
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837604
 https://bugs.launchpad.net/ubuntu/+source/openjpeg2/+bug/1630702
Priority: medium
Discovered-by: Ke Liu
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_openjpeg:
upstream_openjpeg: needs-triage
precise_openjpeg: ignored (reached end-of-life)
precise/esm_openjpeg: DNE (precise was needed)
trusty_openjpeg: ignored (out of standard support)
trusty/esm_openjpeg: not-affected (code not present)
vivid/stable-phone-overlay_openjpeg: DNE
vivid/ubuntu-core_openjpeg: DNE
xenial_openjpeg: not-affected (code not present)
yakkety_openjpeg: ignored (reached end-of-life)
zesty_openjpeg: DNE
artful_openjpeg: DNE
bionic_openjpeg: DNE
cosmic_openjpeg: DNE
disco_openjpeg: DNE
eoan_openjpeg: DNE
devel_openjpeg: DNE

Patches_openjpeg2:
 upstream: https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4
 upstream: https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24
upstream_openjpeg2: needs-triage
precise_openjpeg2: DNE
precise/esm_openjpeg2: DNE
trusty_openjpeg2: DNE
trusty/esm_openjpeg2: DNE
vivid/stable-phone-overlay_openjpeg2: DNE
vivid/ubuntu-core_openjpeg2: DNE
xenial_openjpeg2: released (2.1.0-2.1ubuntu0.1)
yakkety_openjpeg2: released (2.1.1-1ubuntu0.1)
zesty_openjpeg2: released (2.1.1-1ubuntu0.1)
artful_openjpeg2: released (2.1.1-1ubuntu0.1)
bionic_openjpeg2: released (2.1.1-1ubuntu0.1)
cosmic_openjpeg2: released (2.1.1-1ubuntu0.1)
disco_openjpeg2: released (2.1.1-1ubuntu0.1)
eoan_openjpeg2: released (2.1.1-1ubuntu0.1)
devel_openjpeg2: released (2.1.1-1ubuntu0.1)