From Secunia security advisory at $URL:
The vulnerability is caused due to the "Free_All_Memory()" function (jpeg/dectile.c) not properly setting certain decoder elements to NULL after freeing them, which can be exploited to cause a double-free condition via specially crafted FPX images.
The vulnerability is confirmed in version 1.3.1. Prior versions may also be affected.
Update to version 1.3.1-1.
Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c
in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 126.96.36.199 for
IrfanView, allows remote attackers to cause a denial of service (crash) via
a crafted FPX image.
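The free-without-NULL pattern the advisory describes, next to the hardened form, as an added example that is not libfpx code and not part of the original report. The struct, its field names, the tracking allocator and the assumption that cleanup is reached twice on the same decoder are all hypothetical; the allocator records a repeated free instead of performing it, so the program runs safely.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical decoder state; field names are illustrative, not libfpx's. */
typedef struct { unsigned char *row_buf; short *coef_buf; } decoder_t;

/* Tracking allocator: reports a repeated free instead of performing it. */
static void *live[8];
static int double_frees;

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < 8; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                 /* malloc failed or table full */
    return NULL;
}

static void tracked_free(void *p) {
    if (!p) return;          /* like free(NULL): a no-op */
    for (int i = 0; i < 8; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;          /* not live any more: this would be a double free */
}

/* Vulnerable pattern: frees the elements but leaves the pointers dangling. */
static void free_all_vulnerable(decoder_t *d) {
    tracked_free(d->row_buf);
    tracked_free(d->coef_buf);
}

/* Hardened pattern: each pointer is set to NULL right after it is freed. */
static void free_all_hardened(decoder_t *d) {
    tracked_free(d->row_buf);  d->row_buf = NULL;
    tracked_free(d->coef_buf); d->coef_buf = NULL;
}

/* Assumed scenario: cleanup runs twice on one decoder; count repeated frees. */
int repeated_frees(int hardened) {
    decoder_t d = { tracked_alloc(64), tracked_alloc(128) };
    double_frees = 0;
    for (int pass = 0; pass < 2; pass++)
        (hardened ? free_all_hardened : free_all_vulnerable)(&d);
    return double_frees;
}

int main(void) {
    printf("vulnerable: %d, hardened: %d\n", repeated_frees(0), repeated_frees(1));
    return 0;
}
```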
# Aaron Bauman <email@example.com> (20 Feb 2016)
# No maintainer and unmitigated vulnerabilities.
# Masked for removal in 30 days. Bug 395367
Nothing depends on this package:
* These packages depend on media-libs/libfpx:
I apologize for the confusion. Missed a switch on my run of equery. Maintainer/project please bump package.
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable for HPPA PPC64.
Stable on alpha.
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Cleaned up old version.
GLSA request opened. Thanks arches and maintainer for the effort.
This issue was resolved and addressed in
GLSA 201605-03 at https://security.gentoo.org/glsa/201605-03
by GLSA coordinator Yury German (BlueKnight).