http://bugzilla.suse.com/show_bug.cgi?id=979911

Bug ID: 979911
Summary: VUL-0: CVE-2016-4797: openjpeg: Division-by-zero in function opj_tcd_init_tile in tcd.c
Classification: openSUSE
Product: openSUSE Distribution
Version: 13.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: asterios.dramis@gmail.com
Reporter: abergmann@suse.com
QA Contact: qa-bugs@suse.de
Found By: Security Response Team
Blocker: ---

rh#1335483

Divide by zero vulnerability was found in function opj_tcd_init_tile in tcd.c

Upstream patch:
https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb975...

CVE request:
http://seclists.org/oss-sec/2016/q2/327

CVE assignment:
http://seclists.org/oss-sec/2016/q2/342

Note that the problematic "(OPJ_UINT32)-1) / l_data_size" was apparently introduced in a patch addressing out-of-bounds read (or heap-based buffer over-read) vulnerabilities. See the pdfium.googlesource.com reference in CVE-2014-7947. In other words, CVE-2016-4797 exists because of an incorrect fix for CVE-2014-7947.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1335483
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4797
http://seclists.org/oss-sec/2016/q2/342
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4797.html
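
The note above describes an overflow pre-check of the form UINT32_MAX / size that itself divides by zero when the size is 0. The following is an added example, not code from this report or from openjpeg, and it does not reproduce the upstream patch; the function names and the sample dimensions are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Unguarded overflow pre-check in the style of the expression quoted in
 * the report: UINT32_MAX / data_size is undefined behaviour (typically a
 * SIGFPE crash) when data_size == 0. Only call with data_size != 0. */
static int size_overflows_unguarded(uint32_t data_size, uint32_t factor)
{
    return (UINT32_MAX / data_size) < factor;
}

/* Guarded form: a zero dimension is rejected before any division.
 * Returns 0 and stores width * height on success, -1 for an empty
 * area, -2 if the product would not fit in 32 bits. */
static int checked_area(uint32_t width, uint32_t height, uint32_t *out)
{
    if (width == 0 || height == 0)
        return -1;                  /* degenerate size: reject, never divide */
    if ((UINT32_MAX / width) < height)
        return -2;                  /* width * height would wrap */
    *out = width * height;
    return 0;
}

int main(void)
{
    /* Constructed dimensions, not taken from any real image file. */
    const uint32_t dims[][2] = {
        {640, 480}, {0, 480}, {65536, 65536}, {65535, 65537}
    };
    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++) {
        uint32_t area = 0;
        int rc = checked_area(dims[i][0], dims[i][1], &area);
        printf("%u x %u -> rc=%d area=%u\n", (unsigned)dims[i][0],
               (unsigned)dims[i][1], rc, (unsigned)area);
    }
    /* On non-zero input the unguarded check agrees with the guarded one. */
    printf("unguarded(65536, 65536) = %d\n",
           size_overflows_unguarded(65536, 65536));
    return 0;
}
```

The {0, 480} case is the one the unguarded check cannot handle: the guarded function returns -1 for it instead of reaching the division.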