Bug 1007531 (CVE-2013-4289)
| Summary: | CVE-2013-4289 openjpeg: multiple heap-based buffer overflows | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | jcapik, jkurik, oliver, pfrields, phracek, rdieter |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-03-26 06:00:04 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1007534 | | |

Description
Vincent Danen
2013-09-12 17:06:08 UTC
Acknowledgements: Red Hat would like to thank Seth Arnold for reporting this issue.

This flaw exists in the JP3D image handling code of openjpeg. [Part 10 of JPEG 2000 (JP3D), which is concerned with volumetric imaging, aims to provide the same functionality and efficiency for 3D data sets as for its 2D counterparts.]

The above code is not present in the version of openjpeg shipped with Red Hat Enterprise Linux 6.

Statement: Not vulnerable. This issue does not affect the version of openjpeg as shipped with Red Hat Enterprise Linux 6. This issue does not affect the version of openjpeg as shipped with Fedora 19 and Fedora 20.