Bug 506456 (CVE-2014-0158) - media-libs/openjpeg : Heap-based buffer overflow in JPEG2000 image tile decoder
Summary: media-libs/openjpeg : Heap-based buffer overflow in JPEG2000 image tile decoder
Status: RESOLVED DUPLICATE of bug 493662
Alias: CVE-2014-0158
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A2 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-01 12:54 UTC by Agostino Sarubbo
Modified: 2014-08-24 15:31 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2014-04-01 12:54:17 UTC
From ${URL} :

A heap-based buffer overflow was found in the way openjpeg parsed certain image files from a JPEG2000 
image. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause 
the application to crash or, potentially, execute arbitrary code with the privileges of the user running 
the application.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Samuli Suominen (RETIRED) gentoo-dev 2014-08-24 15:30:47 UTC

*** This bug has been marked as a duplicate of bug 493662 ***
Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2014-08-24 15:31:55 UTC
(In reply to Samuli Suominen from comment #1)
> 
> *** This bug has been marked as a duplicate of bug 493662 ***

This is why this CVE is a duplicate:

http://bugzilla.redhat.com/show_bug.cgi?id=1082925#c10
http://www.openwall.com/lists/oss-security/2014/04/02/2