Advisories ยป MGASA-2014-0005

Updated openjpeg package fixes security vulnerabilities

Publication date: 06 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-6045 , CVE-2013-1447 , CVE-2013-6052 , CVE-2013-6053 , CVE-2013-6887

Description

Multiple heap-based buffer overflow flaws were found in OpenJPEG.
An attacker could create a specially crafted OpenJPEG image that, when
opened, could cause an application using openjpeg to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application (CVE-2013-6045).

Multiple denial of service flaws were found in OpenJPEG. An attacker could
create a specially crafted OpenJPEG image that, when opened, could cause
an application using openjpeg to crash (CVE-2013-1447, CVE-2013-6052,
CVE-2013-6053, CVE-2013-6887).
                

References

SRPMS

3/core