Bug 1037945 - (CVE-2013-1447) CVE-2013-1447 openjpeg: multiple denial of service flaws
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20131204,repor...
Keywords: Reopened, Security
Duplicates: 1082925 1082996
Depends On: 1038409 1038411 1038415 1038981 1038985 1038987
Blocks: 1036502 1082925
Reported: 2013-12-04 01:18 EST by Murray McAllister
Modified: 2015-11-24 10:38 EST

Doc Type: Bug Fix
Last Closed: 2013-12-05 00:26:42 EST

Attachments
patch 1 (765 bytes, patch), 2013-12-11 02:33 EST, Murray McAllister
patch 2 (2.10 KB, patch), 2013-12-11 02:33 EST, Murray McAllister
patch 3 (1.83 KB, patch), 2013-12-11 02:34 EST, Murray McAllister
patch 4 (1.14 KB, patch), 2013-12-11 02:34 EST, Murray McAllister
patch 5 (509 bytes, patch), 2013-12-11 02:35 EST, Murray McAllister
patch 6 (590 bytes, patch), 2013-12-11 02:35 EST, Murray McAllister
patch 7 (583 bytes, patch), 2013-12-11 02:36 EST, Murray McAllister
patch 8 (502 bytes, patch), 2013-12-11 02:36 EST, Murray McAllister
patch 9 (710 bytes, patch), 2013-12-11 02:37 EST, Murray McAllister

Description Murray McAllister 2013-12-04 01:18:11 EST
Raphael Geissert discovered multiple denial of service flaws in OpenJPEG. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause the application to crash.

Acknowledgements:

Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.
Comment 3 Huzaifa S. Sidhpurwala 2013-12-06 04:48:42 EST
Created openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1038409]
Affects: epel-5 [bug 1038411]
Comment 4 Huzaifa S. Sidhpurwala 2013-12-06 04:48:46 EST
Created mingw-openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1038981]
Comment 6 Murray McAllister 2013-12-11 02:33:30 EST
Created attachment 835142
patch 1
Comment 7 Murray McAllister 2013-12-11 02:33:58 EST
Created attachment 835143
patch 2
Comment 8 Murray McAllister 2013-12-11 02:34:27 EST
Created attachment 835144
patch 3
Comment 9 Murray McAllister 2013-12-11 02:34:50 EST
Created attachment 835145
patch 4
Comment 10 Murray McAllister 2013-12-11 02:35:21 EST
Created attachment 835146
patch 5
Comment 11 Murray McAllister 2013-12-11 02:35:42 EST
Created attachment 835147
patch 6
Comment 12 Murray McAllister 2013-12-11 02:36:11 EST
Created attachment 835149
patch 7
Comment 13 Murray McAllister 2013-12-11 02:36:38 EST
Created attachment 835150
patch 8
Comment 14 Murray McAllister 2013-12-11 02:37:08 EST
Created attachment 835152
patch 9
Comment 16 errata-xmlrpc 2013-12-17 13:42:47 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1850 https://rhn.redhat.com/errata/RHSA-2013-1850.html
Comment 17 Fedora Update System 2014-01-14 03:43:48 EST
openjpeg-1.5.1-8.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2014-01-30 23:29:59 EST
openjpeg-1.5.1-8.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 19 Huzaifa S. Sidhpurwala 2014-04-02 04:58:06 EDT
*** Bug 1082925 has been marked as a duplicate of this bug. ***
Comment 21 Jaromír Cápík 2014-04-03 08:43:53 EDT
*** Bug 1082996 has been marked as a duplicate of this bug. ***
