Raphael Geissert discovered out-of-bounds memory read flaws in OpenJPEG. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause the application to crash or lead to information leaks. These issues only affected the version of OpenJPEG as shipped in Fedora (version 1.5.1)
Created attachment 831460 [details] proposed patch
Acknowledgements: Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.
Created openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1038409]
Created mingw-openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1038410]
Statement: Not Vulnerable. This issue does not affect the version of openjpeg as shipped with Red Hat Enterprise Linux 6.
mingw-openjpeg-1.5.1-5.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
mingw-openjpeg-1.5.1-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
openjpeg-1.5.1-8.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
openjpeg-1.5.1-8.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.