1037945 – (CVE-2013-1447) CVE-2013-1447 openjpeg: multiple denial of service flaws

Bug 1037945 (CVE-2013-1447) - CVE-2013-1447 openjpeg: multiple denial of service flaws

Summary: CVE-2013-1447 openjpeg: multiple denial of service flaws

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2013-1447
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (2):	1082925 1082996 (view as bug list)
Depends On:	1038409 1038411 1038415 1038981 1038985 1038987
Blocks:	1036502 1082925
TreeView+	depends on / blocked

Reported:	2013-12-04 06:18 UTC by Murray McAllister
Modified:	2023-05-12 01:26 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-20 10:41:50 UTC
Embargoed:

Attachments	(Terms of Use)
patch 1 (765 bytes, patch) 2013-12-11 07:33 UTC, Murray McAllister	no flags	Details \| Diff
patch 2 (2.10 KB, patch) 2013-12-11 07:33 UTC, Murray McAllister	no flags	Details \| Diff
patch 3 (1.83 KB, patch) 2013-12-11 07:34 UTC, Murray McAllister	no flags	Details \| Diff
patch 4 (1.14 KB, patch) 2013-12-11 07:34 UTC, Murray McAllister	no flags	Details \| Diff
patch 5 (509 bytes, patch) 2013-12-11 07:35 UTC, Murray McAllister	no flags	Details \| Diff
patch 6 (590 bytes, patch) 2013-12-11 07:35 UTC, Murray McAllister	no flags	Details \| Diff
patch 7 (583 bytes, patch) 2013-12-11 07:36 UTC, Murray McAllister	no flags	Details \| Diff
patch 8 (502 bytes, patch) 2013-12-11 07:36 UTC, Murray McAllister	no flags	Details \| Diff
patch 9 (710 bytes, patch) 2013-12-11 07:37 UTC, Murray McAllister	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1212827	0	unspecified	CLOSED	[abrt] nautilus: jpc_qmfb_join_colgrp(): nautilus killed by SIGSEGV	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHSA-2013:1850	0	normal	SHIPPED_LIVE	Important: openjpeg security update	2013-12-17 23:36:51 UTC

Internal Links: 1212827

Description Murray McAllister 2013-12-04 06:18:11 UTC

Raphael Geissert discovered multiple denial of service flaws in OpenJPEG. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause the application to crash.

Acknowledgements:

Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.

Comment 3 Huzaifa S. Sidhpurwala 2013-12-06 09:48:42 UTC

Created openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1038409]
Affects: epel-5 [bug 1038411]

Comment 4 Huzaifa S. Sidhpurwala 2013-12-06 09:48:46 UTC

Created mingw-openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1038981]

Comment 6 Murray McAllister 2013-12-11 07:33:30 UTC

Created attachment 835142 [details]
patch 1

Comment 7 Murray McAllister 2013-12-11 07:33:58 UTC

Created attachment 835143 [details]
patch 2

Comment 8 Murray McAllister 2013-12-11 07:34:27 UTC

Created attachment 835144 [details]
patch 3

Comment 9 Murray McAllister 2013-12-11 07:34:50 UTC

Created attachment 835145 [details]
patch 4

Comment 10 Murray McAllister 2013-12-11 07:35:21 UTC

Created attachment 835146 [details]
patch 5

Comment 11 Murray McAllister 2013-12-11 07:35:42 UTC

Created attachment 835147 [details]
patch 6

Comment 12 Murray McAllister 2013-12-11 07:36:11 UTC

Created attachment 835149 [details]
patch 7

Comment 13 Murray McAllister 2013-12-11 07:36:38 UTC

Created attachment 835150 [details]
patch 8

Comment 14 Murray McAllister 2013-12-11 07:37:08 UTC

Created attachment 835152 [details]
patch 9

Comment 16 errata-xmlrpc 2013-12-17 18:42:47 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1850 https://rhn.redhat.com/errata/RHSA-2013-1850.html

Comment 17 Fedora Update System 2014-01-14 08:43:48 UTC

openjpeg-1.5.1-8.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2014-01-31 04:29:59 UTC

openjpeg-1.5.1-8.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Huzaifa S. Sidhpurwala 2014-04-02 08:58:06 UTC

*** Bug 1082925 has been marked as a duplicate of this bug. ***

Comment 21 Jaromír Cápík 2014-04-03 12:43:53 UTC

*** Bug 1082996 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.