A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
2.3.0 is in tree. It fixes several other vulnerabilities like this:
Can we stabilize?
Please test and mark stable: =media-libs/openjpeg-2.3.0
Stable on amd64.
Stable on alpha.
@maintainers, please clean the vulnerable versions.
This issue was resolved and addressed in
GLSA 201710-26 at https://security.gentoo.org/glsa/201710-26
by GLSA coordinator Aaron Bauman (b-man).
Author: Mart Raudsepp <email@example.com>
Date: Sat Mar 3 14:14:07 2018 +0200
media-libs/openjpeg-2.3.0: arm64 stable