Fedora 24: 2016-3b7f39a8c1 Critical: OpenJPEG Heap Overflow Issues
fedora
January 1, 2017
This update fixes CVE-2016-9580 and CVE-2016-9581.
Summary
The OpenJPEG library is an open-source JPEG 2000 library developed in order to
promote the use of JPEG 2000.
This package contains
* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1
compliance).
* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple
component transforms for multispectral and hyperspectral imagery)
Update Information:
This update fixes CVE-2016-9580 and CVE-2016-9581.
Topics Covered
Change Log
References
[ 1 ] Bug #1405128 - CVE-2016-9580 openjpeg2: Integer overflow in tiftoimage causes heap buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1405128
[ 2 ] Bug #1405135 - CVE-2016-9581 openjpeg2: Infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1
https://bugzilla.redhat.com/show_bug.cgi?id=1405135
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade openjpeg2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: openjpeg2
Product: Fedora 24
Version: 2.1.2
Release: 3.fc24
Summary: C-Library for JPEG 2000
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!