MGASA-2016-0426
- Source
- https://advisories.mageia.org/MGASA-2016-0426.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0426.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2016-0426
- Related
- Published
- 2016-12-29T10:29:11Z
- Modified
- 2016-12-29T10:17:00Z
- Summary
- Updated openjpeg2 packages fix security vulnerabilities
- Details
-
A NULL pointer dereference flaw was found in the way openjpeg decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image (CVE-2016-9572).
A heap buffer overflow flaw was found in the way openjpeg decompressed certain input images. Due to an insufficient check in the imagetopnm() function, an application using openjpeg to process image data could crash when processing a crafted image (CVE-2016-9573).
An integer overflow vulnerability was found in tiftoimage function resulting into heap buffer overflow (CVE-2016-9580).
An infinite loop vulnerability in tiftoimage that results into heap buffer overflow in convert32sC1P1 was found (CVE-2016-9581)
- References
-
- https://advisories.mageia.org/MGASA-2016-0426.html
- https://bugs.mageia.org/show_bug.cgi?id=19921
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G3C7U32IFCUOTSYNRT6QD5AFHWZ2ELHE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FBFRC3OO5376WRT5PO5VE2JL6UB3NBO7/
- Credits
-
-
- Mageia - COORDINATOR
-