Raphael Geissert discovered multiple denial of service flaws in OpenJPEG. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause the application to crash.
Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.
Created openjpeg tracking bugs for this issue:
Affects: fedora-all [bug 1038409]
Affects: epel-5 [bug 1038411]
Created mingw-openjpeg tracking bugs for this issue:
Affects: fedora-all [bug 1038981]
Created attachment 835142 [details]
Created attachment 835143 [details]
Created attachment 835144 [details]
Created attachment 835145 [details]
Created attachment 835146 [details]
Created attachment 835147 [details]
Created attachment 835149 [details]
Created attachment 835150 [details]
Created attachment 835152 [details]
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:1850 https://rhn.redhat.com/errata/RHSA-2013-1850.html
openjpeg-1.5.1-8.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
openjpeg-1.5.1-8.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 1082925 has been marked as a duplicate of this bug. ***
*** Bug 1082996 has been marked as a duplicate of this bug. ***