An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. Upstream bug: https://github.com/uclouvain/openjpeg/issues/995 Upstream patch: https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281 References: https://bugzilla.novell.com/show_bug.cgi?id=1056621 https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
Created mingw-openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1487363] Created mingw-openjpeg2 tracking bugs for this issue: Affects: fedora-all [bug 1487365] Created openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1487362] Created openjpeg2 tracking bugs for this issue: Affects: epel-all [bug 1487366] Affects: fedora-all [bug 1487364]
Is openjpeg-1.5.x affected at all? I couldn't get it to crash with the exploit image from novell bugzilla.