FS#52104 - [openjpeg2] CVE-2016-9580 and CVE-2016-9581 (heap buffer overflows)
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Saturday, 10 December 2016, 13:59 GMT
Last edited by Andreas Radke (AndyRTR) - Saturday, 10 December 2016, 16:29 GMT
Opened by Pascal Ernster (hardfalcon) - Saturday, 10 December 2016, 13:59 GMT
Last edited by Andreas Radke (AndyRTR) - Saturday, 10 December 2016, 16:29 GMT
|
Details
Affected package: openjpeg2=<2.1.2-1
Upstream bug reports: https://github.com/uclouvain/openjpeg/issues/871 https://github.com/uclouvain/openjpeg/issues/872 POC: https://github.com/uclouvain/openjpeg/files/636717/poc1.analysis1.zip Preliminary fix: https://github.com/szukw000/openjpeg/commit/cadff5fb Preliminary fix as patch file: https://github.com/szukw000/openjpeg/commit/cadff5fb.patch |
This task depends upon
Closed by Andreas Radke (AndyRTR)
Saturday, 10 December 2016, 16:29 GMT
Reason for closing: Fixed
Additional comments about closing: 2.1.2-2
Saturday, 10 December 2016, 16:29 GMT
Reason for closing: Fixed
Additional comments about closing: 2.1.2-2