Advisories ยป MGASA-2019-0365

Updated openjpeg2 packages fix security vulnerability

Publication date: 06 Dec 2019
Modification date: 06 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-12973

Description

The updated packages fix a security vulnerability:

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks
function of openjp2/t1.c. Remote attackers could leverage this
vulnerability to cause a denial of service via a crafted bmp file. This
issue is similar to CVE-2018-6616. (CVE-2019-12973)
                

References

SRPMS

7/core