From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2012-0152: openjpeg-1.3-7.1.mga1 (1/core), openjpeg-1.5.0-1.2.mga2 (2/core)
Date: Tue, 10 Jul 2012 01:45:43 +0200
Message-ID: <20120709234543.GA18908@valstar.mageia.org>

MGASA-2012-0152
Date: July 10th, 2012
Affected releases: 1, 2
Description:
Updated openjpeg packages fix a security vulnerability:
A heap-based buffer out-of-bounds read and write flaw, leading to an
invalid free, was found in the way the tile coder / decoder (TCD)
implementation of OpenJPEG, an open-source JPEG 2000 codec written in
C, released previously allocated memory for the TCD encoder handle
when processing certain Gray16 TIFF images. A remote attacker could
provide a specially crafted TIFF image file which, once converted
into the JPEG 2000 file format by an application linked against
OpenJPEG (such as 'image_to_j2k'), would cause that application to
crash or, potentially, to execute arbitrary code with the privileges
of the user running the application (CVE-2009-5030).
Updated Packages:
Mageia 1:
lib(64)openjpeg2-1.3-7.1.mga1
lib(64)openjpeg-devel-1.3-7.1.mga1
Mageia 2:
openjpeg-1.5.0-1.2.mga2
lib(64)openjpeg1-1.5.0-1.2.mga2
lib(64)openjpeg-devel-1.5.0-1.2.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5030
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=6624
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...