MGASA-2012-0166
| Date: | July 14th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated openjpeg packages fix security vulnerability:
An input validation flaw, leading to a heap-based buffer overflow, was
found in the way OpenJPEG handled the tile number and size in an image
tile header. A remote attacker could provide a specially-crafted image
file that, when decoded using an application linked against OpenJPEG,
would cause the application to crash or, potentially, execute arbitrary
code with the privileges of the user running the application
(CVE-2012-3358).
Updated Packages:
Mageia 1:
lib(64)openjpeg2-1.3-7.2.mga1
lib(64)openjpeg-devel-1.3-7.2.mga1
Mageia 2:
openjpeg-1.5.0-1.3.mga2
lib(64)openjpeg1-1.5.0-1.3.mga2
lib(64)openjpeg-devel-1.5.0-1.3.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3358
https://rhn.redhat.com/errata/RHSA-2012-1068.html
https://bugs.mageia.org/show_bug.cgi?id=6758
