Updated openjpeg package fixes security vulnerabilities
Publication date: 06 Jan 2014Modification date: 06 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-6045 , CVE-2013-1447 , CVE-2013-6052 , CVE-2013-6053 , CVE-2013-6887
Description
Multiple heap-based buffer overflow flaws were found in OpenJPEG.
An attacker could create a specially crafted OpenJPEG image that, when
opened, could cause an application using openjpeg to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application (CVE-2013-6045).
Multiple denial of service flaws were found in OpenJPEG. An attacker could
create a specially crafted OpenJPEG image that, when opened, could cause
an application using openjpeg to crash (CVE-2013-1447, CVE-2013-6052,
CVE-2013-6053, CVE-2013-6887).
References
- https://bugs.mageia.org/show_bug.cgi?id=11863
- http://openwall.com/lists/oss-security/2013/12/04/6
- https://rhn.redhat.com/errata/RHSA-2013-1850.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6045
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1447
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6052
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6053
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6887
SRPMS
3/core
- openjpeg-1.5.1-3.1.mga3