Raphael Geissert discovered multiple denial of service flaws in OpenJPEG. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause the application to crash. Acknowledgements: Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.
Created openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1038409] Affects: epel-5 [bug 1038411]
Created mingw-openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1038981]
Created attachment 835142 [details] patch 1
Created attachment 835143 [details] patch 2
Created attachment 835144 [details] patch 3
Created attachment 835145 [details] patch 4
Created attachment 835146 [details] patch 5
Created attachment 835147 [details] patch 6
Created attachment 835149 [details] patch 7
Created attachment 835150 [details] patch 8
Created attachment 835152 [details] patch 9
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1850 https://rhn.redhat.com/errata/RHSA-2013-1850.html
openjpeg-1.5.1-8.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
openjpeg-1.5.1-8.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 1082925 has been marked as a duplicate of this bug. ***
*** Bug 1082996 has been marked as a duplicate of this bug. ***