An out-of-bounds read vulnerability in opj_tcd_free_tile function causing segmentation fault triggered by specially crafted JPEG2000 image file was found in openjpeg version 2016.03.14. CVE request (contains reproducer): http://seclists.org/oss-sec/2016/q1/630
Created mingw-openjpeg2 tracking bugs for this issue: Affects: fedora-all [bug 1317831]
Created openjpeg2 tracking bugs for this issue: Affects: fedora-all [bug 1317830] Affects: epel-all [bug 1317832]
CVE assignment: http://seclists.org/oss-sec/2016/q1/666
Upstream report: https://github.com/uclouvain/openjpeg/issues/724
openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
mingw-openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
mingw-openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Upstream ticket: https://github.com/uclouvain/openjpeg/issues/724 From there: > Origin of the issue is the same as #725 This is probably a duplicate of bug 1317826
*** This bug has been marked as a duplicate of bug 1317826 ***
Statement: This flaw was found to be a duplicate of CVE-2016-3182. Please see https://access.redhat.com/security/cve/CVE-2016-3182 for information about affected products and security errata.