Summary: | <media-libs/openjpeg-1.5.0 : CMAP Record Parsing Vulnerability (CVE-2012-1499) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/48498/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-03-21 17:19:39 UTC
=media-libs/openjpeg-1.5.0 is in Portage but upstream changed SONAME (again) and the cmake based build system is poorly done so it's (again) unclear if there was a real API/ABI breakage. Please test reverse dependencies: http://qa-reports.gentoo.org/output/genrdeps/rindex/media-libs/openjpeg CCing arch's for testing/stabilization. Stable for HPPA. amd64 stable x86 stable ppc64 done ppc done arm stable alpha/ia64/s390/sh/sparc stable Thanks, everyone. Already on existing GLSA request, but waiting on bug 412895. CVE-2012-1499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1499): The JPEG 2000 codec in OpenJPEG before 1.5 does not properly allocate memory during file parsing, which allows remote attackers to execute arbitrary code via a crafted file. This issue was resolved and addressed in GLSA 201206-06 at http://security.gentoo.org/glsa/glsa-201206-06.xml by GLSA coordinator Sean Amoss (ackle). |