Debian Bug report logs - #672455
CVE-2009-5030: Heap memory corruption leading to invalid free

Package: libopenjpeg2; Maintainer for libopenjpeg2 is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>; Source for libopenjpeg2 is src:openjpeg.

Reported by: Henri Salo <henri@nerv.fi>

Date: Fri, 11 May 2012 08:09:01 UTC

Severity: important

Tags: fixed-upstream, patch, security

Found in version openjpeg/1.3+dfsg-4

Fixed in version openjpeg/1.3+dfsg-4.1

Done: Luk Claes <luk@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://code.google.com/p/openjpeg/issues/detail?id=5


Report forwarded to debian-bugs-dist@lists.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#672455; Package libopenjpeg2. (Fri, 11 May 2012 08:09:04 GMT)

Acknowledgement sent to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Fri, 11 May 2012 08:09:05 GMT)

Message #5 received at submit@bugs.debian.org:

From: Henri Salo <henri@nerv.fi>
To: submit@bugs.debian.org
Subject: CVE-2009-5030: Heap memory corruption leading to invalid free
Date: Fri, 11 May 2012 11:07:11 +0300
Package: libopenjpeg2
Version: 1.3+dfsg-4
Severity: important
Tags: security

CVE-2009-5030 openjpeg: Heap memory corruption leading to invalid free by processing certain Gray16 TIFF images

https://bugzilla.redhat.com/show_bug.cgi?id=812317
"""
An out-of heap-based buffer bounds read and write flaw, leading to invalid
free, was found in the way a tile coder / decoder (TCD) implementation of
OpenJPEG, an open-source JPEG 2000 codec written in C language, performed
releasing of previously allocated memory for the TCD encoder handle by
processing certain Gray16 TIFF images. A remote attacker could provide a
specially-crafted TIFF image file, which once converted into the JPEG 2000 file
format with an application linked against OpenJPEG (such as 'image_to_j2k'),
would lead to that application crash, or, potentially arbitrary code execution
with the privileges of the user running the application.

Upstream ticket:
http://code.google.com/p/openjpeg/issues/detail?id=5

CVE Request:
http://www.openwall.com/lists/oss-security/2012/04/13/1
"""

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libopenjpeg2 depends on:
ii  libc6                         2.11.3-3   Embedded GNU C Library: Shared lib

libopenjpeg2 recommends no packages.

libopenjpeg2 suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#672455; Package libopenjpeg2. (Wed, 30 May 2012 07:21:04 GMT)

Acknowledgement sent to Mathieu Malaterre <malat@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Wed, 30 May 2012 07:21:04 GMT)

Message #10 received at 672455@bugs.debian.org:

From: Mathieu Malaterre <malat@debian.org>
To: Control bugs server <control@bugs.debian.org>
Cc: 672455@bugs.debian.org
Date: Wed, 30 May 2012 09:16:56 +0200
tags 672455 fixed-upstream
forwarded 672455 http://code.google.com/p/openjpeg/issues/detail?id=5
thanks

Here is the commit which hides the symptoms:

http://code.google.com/p/openjpeg/source/detail?r=1703




Added tag(s) fixed-upstream. Request was from Mathieu Malaterre <malat@debian.org> to control@bugs.debian.org. (Wed, 30 May 2012 07:21:07 GMT)

Set Bug forwarded-to-address to 'http://code.google.com/p/openjpeg/issues/detail?id=5'. Request was from Mathieu Malaterre <malat@debian.org> to control@bugs.debian.org. (Wed, 30 May 2012 07:21:08 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#672455; Package libopenjpeg2. (Sat, 23 Jun 2012 16:33:03 GMT)

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Sat, 23 Jun 2012 16:33:03 GMT)

Message #19 received at 672455@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 672455@bugs.debian.org
Subject: openjpeg: diff for NMU version 1.3+dfsg-4.1
Date: Sat, 23 Jun 2012 18:31:23 +0200
[Message part 1 (text/plain, inline)]
tags 672455 + patch
tags 672455 + pending
thanks

Dear maintainer,

I've prepared an NMU for openjpeg (versioned as 1.3+dfsg-4.1) and
uploaded it to DELAYED/02. Please feel free to tell me if I
should delay it longer.

Cheers

Luk
[openjpeg-1.3+dfsg-4.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Sat, 23 Jun 2012 16:33:09 GMT)

Added tag(s) pending. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Sat, 23 Jun 2012 16:33:10 GMT)

Reply sent to Luk Claes <luk@debian.org>:
You have taken responsibility. (Mon, 25 Jun 2012 16:54:09 GMT)

Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Mon, 25 Jun 2012 16:54:09 GMT)

Message #28 received at 672455-close@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 672455-close@bugs.debian.org
Subject: Bug#672455: fixed in openjpeg 1.3+dfsg-4.1
Date: Mon, 25 Jun 2012 16:50:29 +0000
Source: openjpeg
Source-Version: 1.3+dfsg-4.1

We believe that the bug you reported is fixed in the latest version of
openjpeg, which is due to be installed in the Debian FTP archive:

libopenjpeg-dev_1.3+dfsg-4.1_i386.deb
  to main/o/openjpeg/libopenjpeg-dev_1.3+dfsg-4.1_i386.deb
libopenjpeg2-dbg_1.3+dfsg-4.1_i386.deb
  to main/o/openjpeg/libopenjpeg2-dbg_1.3+dfsg-4.1_i386.deb
libopenjpeg2_1.3+dfsg-4.1_i386.deb
  to main/o/openjpeg/libopenjpeg2_1.3+dfsg-4.1_i386.deb
openjpeg-tools_1.3+dfsg-4.1_i386.deb
  to main/o/openjpeg/openjpeg-tools_1.3+dfsg-4.1_i386.deb
openjpeg_1.3+dfsg-4.1.diff.gz
  to main/o/openjpeg/openjpeg_1.3+dfsg-4.1.diff.gz
openjpeg_1.3+dfsg-4.1.dsc
  to main/o/openjpeg/openjpeg_1.3+dfsg-4.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 672455@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated openjpeg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 23 Jun 2012 18:26:27 +0200
Source: openjpeg
Binary: libopenjpeg-dev libopenjpeg2 libopenjpeg2-dbg openjpeg-tools
Architecture: source i386
Version: 1.3+dfsg-4.1
Distribution: unstable
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description: 
 libopenjpeg-dev - development files for libopenjpeg2, a JPEG 2000 image library
 libopenjpeg2 - JPEG 2000 image compression/decompression library
 libopenjpeg2-dbg - debug symbols for libopenjpeg2, a JPEG 2000 image library
 openjpeg-tools - command-line tools using the JPEG 2000 library
Closes: 672455
Changes: 
 openjpeg (1.3+dfsg-4.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2009-5030: Avoid memory overrun (Closes: #672455).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 26 Jul 2012 07:33:36 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 03:19:24 2014; Machine Name: beach.debian.org
