| Description: | Summary:
The remote host is missing an update for the 'openjpeg' package(s) announced via the MGASA-2017-0122 advisory.
Vulnerability Insight:
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in
OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow
remote attackers to cause a denial of service (heap-based buffer overflow)
or possibly have unspecified other impact via crafted JPEG 2000 data.
(CVE-2016-5139)
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in
OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on
Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers
to cause a denial of service (heap-based buffer overflow) or possibly have
unspecified other impact via crafted JPEG 2000 data. (CVE-2016-5158)
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome
before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux,
allow remote attackers to cause a denial of service (heap-based buffer
overflow) or possibly have unspecified other impact via crafted JPEG 2000
data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.
(CVE-2016-5159)
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG
allows remote attackers to execute arbitrary code via a crafted JP2 file,
which triggers an out-of-bounds read or write. (CVE-2016-7163)
An out-of-bounds read vulnerability was found in OpenJPEG, in the
j2k_to_image tool. Converting a specially crafted JPEG2000 file to another
format could cause the application to crash or, potentially, disclose some
data from the heap. (CVE-2016-9573
Affected Software/OS:
'openjpeg' package(s) on Mageia 5.
Solution:
Please install the updated package(s).
CVSS Score:
6.8
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
