Advisories » MGASA-2014-0182

Updated openjpeg packages fix security vulnerability

Publication date: 17 Apr 2014
Modification date: 17 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0158

Description

Updated openjpeg packages fix security vulnerability:

A heap-based buffer overflow was found in the way openjpeg parsed certain
image files from a JPEG2000 image. If a specially-crafted image were 
opened by an application linked against OpenJPEG, it could cause the
application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application (CVE-2014-0158).
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131474.html
• https://bugs.mageia.org/show_bug.cgi?id=13218
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0158

SRPMS

3/core

• openjpeg-1.5.1-3.2.mga3

4/core

• openjpeg-1.5.1-4.1.mga4