Lucene search

K

Gentoo FoundationGLSA-201412-24

HistoryDec 13, 2014 - 12:00 a.m.

OpenJPEG: Multiple vulnerabilities

2014-12-1300:00:00

Gentoo Foundation

security.gentoo.org

8

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.171 Low

EPSS

Percentile

96.1%

Background

OpenJPEG is an open-source JPEG 2000 library.

Description

Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All OpenJPEG users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-libs/openjpeg-1.5.2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/openjpeg< 1.5.2UNKNOWN

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.171 Low

EPSS

Percentile

96.1%

Related for GLSA-201412-24

openvas35 nessus29 securityvulns3 fedora11 mageia1 freebsd1 redhat2 amazon2 osv2 veracode4 debian2 centos2 oraclelinux1 prion10 nvd10 cvelist10 cve10 ubuntucve10 altlinux1 redhatcve1