From Secunia security advisory at $URL:
Description: The vulnerability is caused due to the "Free_All_Memory()" function (jpeg/dectile.c) not properly setting certain decoder elements to NULL after freeing them, which can be exploited to cause a double-free condition via specially crafted FPX images. The vulnerability is confirmed in version 1.3.1. Prior versions may also be affected.
Solution: Update to version 1.3.1-1.
CVE-2012-0025 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0025): Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.
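The pattern described in the advisory, as an added example that is not libfpx code or part of the original report: a cleanup routine that frees fields without clearing them releases each pointer twice when it runs again, while the version that sets them to NULL is safe to repeat. The `decoder_t` struct, its field names, the function names, and the small pool allocator (which counts stale releases instead of corrupting a real heap) are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical decoder state; field names are illustrative, not libfpx's. */
typedef struct { void *row_buf; void *huff_table; } decoder_t;

#define SLOTS 8
#define SLOT_SIZE 64
static unsigned char pool[SLOTS][SLOT_SIZE]; /* stand-in heap */
static int in_use[SLOTS];
static int stale_releases;                   /* frees of a slot already free */

static void *tracked_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

/* Like free(), but records a double free instead of damaging allocator state. */
static void tracked_free(void *p) {
    if (!p) return;                          /* freeing NULL is a no-op */
    int i = (int)(((unsigned char *)p - &pool[0][0]) / SLOT_SIZE);
    if (in_use[i]) in_use[i] = 0; else stale_releases++;
}

/* Flawed form: pointers keep their old values after release. */
static void free_all_vulnerable(decoder_t *d) {
    tracked_free(d->row_buf);
    tracked_free(d->huff_table);
}

/* Hardened form: each field is cleared, so a repeat call frees nothing. */
static void free_all_hardened(decoder_t *d) {
    tracked_free(d->row_buf);    d->row_buf = NULL;
    tracked_free(d->huff_table); d->huff_table = NULL;
}

/* Runs the cleanup twice on one decoder; the second call stands in for any
   path that reaches the cleanup again (assumption; the report does not say
   which path does). Returns the number of stale releases detected. */
static int run_cleanup_twice(void (*cleanup)(decoder_t *)) {
    decoder_t d = { tracked_alloc(), tracked_alloc() };
    stale_releases = 0;
    cleanup(&d);
    cleanup(&d);
    return stale_releases;
}

int main(void) {
    printf("vulnerable: %d\n", run_cleanup_twice(free_all_vulnerable));
    printf("hardened:   %d\n", run_cleanup_twice(free_all_hardened));
    return 0;
}
```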
# Aaron Bauman <bman@gentoo.org> (20 Feb 2016)
# No maintainer and unmitigated vulnerabilities.
# Masked for removal in 30 days. Bug 395367
media-libs/libfpx
Nothing depends on this package:
* These packages depend on media-libs/libfpx:
I apologize for the confusion. Missed a switch on my run of equery. Maintainer/project please bump package.
https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/libfpx?id=b8e66d798f0705146b1e1602a1adf2f4c2a7247d
Arch teams, please test and mark stable:
=media-libs/libfpx-1.3.1_p6
Targeted stable KEYWORDS: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable for HPPA PPC64.
amd64 stable
arm stable
Stable on alpha.
x86 stable
ppc stable
sparc stable
ia64 stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
Cleaned up old version. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a3dc810b1af2ad2d2e1888c414ebd72723f0cff
GLSA request opened. Thanks arches and maintainer for the effort.
This issue was resolved and addressed in GLSA 201605-03 at https://security.gentoo.org/glsa/201605-03 by GLSA coordinator Yury German (BlueKnight).