OpenJPEG: Multiple vulnerabilities — GLSA 201710-26

Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow remote attackers to execute arbitrary code.

Affected packages

media-libs/openjpeg on all architectures
Affected versions < 2.3.0
Unaffected versions >= 2.3.0

Background

OpenJPEG is an open-source JPEG 2000 library.

Description

Multiple vulnerabilities have been discovered in OpenJPEG. Please review the references below for details.

Impact

A remote attacker, via a crafted BMP, PDF, or j2k document, could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts.

Workaround

There is no known workaround at this time.

Resolution

All OpenJPEG users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/openjpeg-2.3.0:2"
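
To see whether a host still carries an affected version before or after the upgrade, the following check compares package atoms against the fixed version 2.3.0. It is an added example, not part of the advisory or of Gentoo's tooling; the function names are hypothetical, the version comparison is a simplified form of Gentoo's rules, and the sample atoms are constructed.

```shell
# Added example: flag installed media-libs/openjpeg versions below 2.3.0.
# Assumption: simplified Gentoo version rules (dotted numbers, _suffix, -rN).
FIXED="2.3.0"

# ver_lt A B: succeed if dotted numeric version A is lower than B.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# openjpeg_affected ATOM: succeed if ATOM is media-libs/openjpeg < 2.3.0.
openjpeg_affected() {
    case $1 in
        media-libs/openjpeg-[0-9]*) v=${1#media-libs/openjpeg-} ;;
        *) return 1 ;;                    # a different package
    esac
    v=${v%-r[0-9]*}                       # drop the ebuild revision (-r1)
    num=${v%%_*}                          # numeric part, e.g. 2.1.1
    case $v in *_*) suf=${v#*_} ;; *) suf="" ;; esac
    if ver_lt "$num" "$FIXED"; then return 0; fi
    if ver_lt "$FIXED" "$num"; then return 1; fi
    # Same numbers as 2.3.0: only pre-release suffixes sort before it.
    case $suf in
        alpha*|beta*|pre*|rc*) return 0 ;;
        *) return 1 ;;
    esac
}

# scan_installed: read one package atom per line, print the affected ones.
scan_installed() {
    while IFS= read -r atom; do
        if openjpeg_affected "$atom"; then echo "$atom"; fi
    done
}

# Constructed sample input, not taken from a real system.
SAMPLE='media-libs/openjpeg-1.5.2-r1
media-libs/openjpeg-2.1.1_p20160922
media-libs/openjpeg-2.3.0
media-libs/libpng-1.6.29'
printf '%s\n' "$SAMPLE" | scan_installed
```

On a Gentoo host with portage-utils installed (an assumption), the output of `qlist -Iv media-libs/openjpeg` can be piped into `scan_installed` in place of the sample.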
 

References

Release date
October 23, 2017

Latest revision
October 23, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries