Closed
Description
Two CVEs were just assigned for OpenJPEG:
- CVE-2016-9580 integer overflow in tiftoimage resulting in heap buffer overflow.
- CVE-2016-9581 infinite loop in tiftoimage resulting in heap buffer overflow in convert_32s_C1P1.
Documented in these two issues, respectively:
- Out-of-Bounds Write issue caused by integer overflow that can occur in function convert_8u32s_C1R() (openjpeg-2.1.2/src/bin/jp2/convert.c:368). uclouvain/openjpeg#871
- Out-of-Bounds Write issue can occur in function convert_32s_C1P1 (openjpeg-2.1.2/src/bin/jp2/convert.c:153) uclouvain/openjpeg#872
Fixes in this commit: