diff options
| author | feld <feld@FreeBSD.org> | 2016-10-11 23:07:54 +0800 |
|---|---|---|
| committer | feld <feld@FreeBSD.org> | 2016-10-11 23:07:54 +0800 |
| commit | 271be106ded7458c6cbac81599196e07f618e7fd (patch) | |
| tree | 146ddc0bfbc6d1249507befa98ca215d3b5e3992 /security | |
| parent | 413ee6035223a1bf0855710870c52ea770262799 (diff) | |
| download | freebsd-ports-graphics-271be106ded7458c6cbac81599196e07f618e7fd.tar.gz freebsd-ports-graphics-271be106ded7458c6cbac81599196e07f618e7fd.tar.zst freebsd-ports-graphics-271be106ded7458c6cbac81599196e07f618e7fd.zip | |
Document openjpeg vulnerability
PR: 212672
Security: CVE-2016-5157
Security: CVE-2016-7163
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b527fc422f3..1fcf8399355 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,43 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b7d56d0b-7a11-11e6-af78-589cfc0654e1"> + <topic>openjpeg -- multiple vulnerabilities</topic> + <affects> + <package> + <name>openjpeg</name> + <range><lt>2.1.1_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Tencent's Xuanwu LAB reports:</p> + <blockquote cite="http://www.openwall.com/lists/oss-security/2016/09/08/2"> + <p>A Heap Buffer Overflow (Out-of-Bounds Write) issue was found in + function opj_dwt_interleave_v of dwt.c. This vulnerability allows + remote attackers to execute arbitrary code on vulnerable installations + of OpenJPEG.</p> + <p>An integer overflow issue exists in function opj_pi_create_decode of + pi.c. It can lead to Out-Of-Bounds Read and Out-Of-Bounds Write in + function opj_pi_next_cprl of pi.c (function opj_pi_next_lrcp, + opj_pi_next_rlcp, opj_pi_next_rpcl, opj_pi_next_pcrl may also be + vulnerable). This vulnerability allows remote attackers to execute + arbitrary code on vulnerable installations of OpenJPEG.</p> + </blockquote> + </body> + </description> + <references> + <url>"http://www.openwall.com/lists/oss-security/2016/09/08/2"</url> + <url>"http://www.openwall.com/lists/oss-security/2016/09/08/3"</url> + <cvename>CVE-2016-5157</cvename> + <cvename>CVE-2016-7163</cvename> + </references> + <dates> + <discovery>2016-09-08</discovery> + <entry>2016-10-11</entry> + </dates> + </vuln> + <vuln vid="fa175f30-8c75-11e6-924a-60a44ce6887b"> <topic>redis -- sensitive information leak through command history file</topic> <affects> |