CVE-2017-17480 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17480): In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. CVE-2017-17479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17479): In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
@Maintainers please call for stabilization when ready. Thank you
Tracking PR upstream.
cleanup will be tracked in bug #646774