Candidate: CVE-2016-8332
PublicDate: 2016-10-28 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8332
 http://www.talosintelligence.com/reports/TALOS-2016-0193/
 https://github.com/uclouvain/openjpeg/pull/820
Description:
 A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when
 parsing a crafted image. An exploitable code execution vulnerability exists
 in the jpeg2000 image file format parser as implemented in the OpenJpeg
 library. A specially crafted jpeg2000 file can cause an out of bound heap
 write resulting in heap corruption leading to arbitrary code execution. For
 a successful attack, the target user needs to open a malicious jpeg2000
 file. The jpeg2000 image file format is mostly used for embedding images
 inside PDF documents and the OpenJpeg library is used by a number of popular
 PDF renderers making PDF documents a likely attack vector.
Ubuntu-Description:
Notes:
 sbeattie> code not present in openjpeg 1.x
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/openjpeg2/+bug/1630702
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_openjpeg:
upstream_openjpeg: needs-triage
precise_openjpeg: not-affected (code not present)
trusty_openjpeg: not-affected (code not present)
trusty/esm_openjpeg: not-affected (code not present)
vivid/stable-phone-overlay_openjpeg: DNE
vivid/ubuntu-core_openjpeg: DNE
xenial_openjpeg: not-affected (code not present)
devel_openjpeg: not-affected (code not present)

Patches_openjpeg2:
 upstream: https://github.com/uclouvain/openjpeg/commit/734d57d5f7842aa7c2c9f36d62131ab4d8bd6c87
 upstream: https://github.com/uclouvain/openjpeg/commit/805972f4c85fd4b34e08e499c12c68334706df47 (testcase)
upstream_openjpeg2: released (2.1.2-1)
precise_openjpeg2: DNE
trusty_openjpeg2: DNE
trusty/esm_openjpeg2: DNE
vivid/stable-phone-overlay_openjpeg2: DNE
vivid/ubuntu-core_openjpeg2: DNE
xenial_openjpeg2: released (2.1.0-2.1ubuntu0.1)
devel_openjpeg2: released (2.1.1-1ubuntu0.1)