Advisories » MGASA-2015-0398

Updated openjpeg2 package fixes security vulnerability

Publication date: 13 Oct 2015
Modification date: 13 Oct 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-6581

Description

Use-after-free vulnerability was found in j2k.c in opj_j2k_write_mco
function (rhbz#1263359).

Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd
function in j2k.c in OpenJPEG allows remote attackers to execute arbitrary
code or cause a denial of service (heap memory corruption) by triggering a
memory-allocation failure (CVE-2015-6581).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16880
• https://lists.fedoraproject.org/pipermail/package-announce/2015-October/168012.html
• https://lists.fedoraproject.org/pipermail/package-announce/2015-October/168736.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6581

SRPMS

5/core

• openjpeg2-2.1.0-3.2.mga5