MGASA-2012-0152
Date: July 10th, 2012
Affected releases: 1, 2
Description:
Updated openjpeg packages fix a security vulnerability:
A heap-based out-of-bounds read and write flaw, leading to an invalid
free, was found in the way the tile coder / decoder (TCD)
implementation of OpenJPEG, an open-source JPEG 2000 codec written in
C, released previously allocated memory for the TCD encoder handle
when processing certain Gray16 TIFF images. A remote attacker could
provide a specially crafted TIFF image file which, once converted into
the JPEG 2000 file format by an application linked against OpenJPEG
(such as 'image_to_j2k'), would cause that application to crash or,
potentially, to execute arbitrary code with the privileges of the user
running the application (CVE-2009-5030).
Updated Packages:
Mageia 1:
lib(64)openjpeg2-1.3-7.1.mga1
lib(64)openjpeg-devel-1.3-7.1.mga1
Mageia 2:
openjpeg-1.5.0-1.2.mga2
lib(64)openjpeg1-1.5.0-1.2.mga2
lib(64)openjpeg-devel-1.5.0-1.2.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5030
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083105.html
https://bugs.mageia.org/show_bug.cgi?id=6624