Raphael Geissert discovered out-of-bounds memory read flaws in OpenJPEG. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause the application to crash or lead to information leaks.
Created attachment 831459 [details] proposed patch
Acknowledgements: Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.
Created openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1038409]
Created mingw-openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1038410]
Created openjpeg tracking bugs for this issue: Affects: epel-5 [bug 1038411]
mingw-openjpeg-1.5.1-5.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
mingw-openjpeg-1.5.1-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1850 https://rhn.redhat.com/errata/RHSA-2013-1850.html
openjpeg-1.5.1-8.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
openjpeg-1.5.1-8.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.