Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Fedora 25 Advisory 2016-C404A59411 Critical: Openjpeg2 Buffer Overflow

fedora
Calendar Grey December 19, 2016
Dist Fedora Esm H88
This patch resolves significant vulnerabilities found in openjpeg2 for Fedora 25, targeting potential memory corruption exploits directly.
This update fixes CVE-2016-9580 and CVE-2016-9581.

Summary

The OpenJPEG library is an open-source JPEG 2000 library developed in order to

promote the use of JPEG 2000.

This package contains

* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1

compliance).

* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple

component transforms for multispectral and hyperspectral imagery)

Update Information:

This update fixes CVE-2016-9580 and CVE-2016-9581.

Change Log

References


[ 1 ] Bug #1405128 - CVE-2016-9580 openjpeg2: Integer overflow in tiftoimage causes heap buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1405128 [ 2 ] Bug #1405135 - CVE-2016-9581 openjpeg2: Infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1 https://bugzilla.redhat.com/show_bug.cgi?id=1405135

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade openjpeg2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: openjpeg2
Product: Fedora 25
Version: 2.1.2
Release: 3.fc25
Summary: C-Library for JPEG 2000

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.