A flaw was found in the patch for CVE-2013-6045 for openjpeg-1. A crafted jpeg2000 image could cause heap-based buffer overflows, leading to a crash or possible code execution when reading or converting the crafted file.
External reference: http://seclists.org/oss-sec/2016/q3/624
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=1036495#c20
https://bugs.debian.org/734238
Adjusted patch attached, but see also: http://pkgs.fedoraproject.org/cgit/rpms/openjpeg.git/commit/?id=ecc78395d2c04b4bc4e37435c2c9c5a603f8910a
Created openjpeg tracking bugs for this issue: Affects: epel-5 [bug 1382205]
Created mingw-openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1382204]
Acknowledgments: Name: Doran Moppert (Red Hat Product Security)
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:0559 https://rhn.redhat.com/errata/RHSA-2017-0559.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0838 https://rhn.redhat.com/errata/RHSA-2017-0838.html