Jump to content
Flubber

Mandriva: 2012:104: openjpeg

By Flubber, in Stiri securitate

Recommended Posts

Flubber Newbie

Flubber

Posted
Posted

Pentru cei ce cred ca imaginile nu sunt periculoase: cititi in continuare.

Problem Description:

 Multiple vulnerabilities has been discovered and corrected in openjpeg:

 OpenJPEG allocated insufficient memory when encoding JPEG 2000 files
 from input images that have certain color depths. A remote attacker
 could provide a specially-crafted image file that, when opened in an
 application linked against OpenJPEG (such as image_to_j2k), would cause
 the application to crash or, potentially, execute arbitrary code with
 the privileges of the user running the application (CVE-2009-5030).

 An input validation flaw, leading to a heap-based buffer overflow,
 was found in the way OpenJPEG handled the tile number and size in an
 image tile header. A remote attacker could provide a specially-crafted
 image file that, when decoded using an application linked against
 OpenJPEG, would cause the application to crash or, potentially,
 execute arbitrary code with the privileges of the user running the
 application (CVE-2012-3358).

 The updated packages have been patched to correct these issues.

Sursa: Mandriva: 2012:104: openjpeg - The Community's Center for Security

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...