Advisories » MGASA-2019-0119

Updated openjpeg2 packages fix security vulnerability

Publication date: 29 Mar 2019
Modification date: 29 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-14423

Description

Updated openjpeg2 packages fix security vulnerability:

Division-by-zero vulnerabilities in the functions pi_next_pcrl,
pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG
through 2.3.0 allow remote attackers to cause a denial of service
(CVE-2018-14423).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24511
• https://www.debian.org/security/2019/dsa-4405
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14423

SRPMS

6/core

• openjpeg2-2.2.0-1.4.mga6