Bugzilla – Bug 1012822
VUL-0: CVE-2016-9675: openjpeg: incorrect fix for CVE-2013-6045
Last modified: 2017-10-11 01:04:46 UTC
A flaw was found in the patch for CVE-2013-6045 for openjpeg-1. A crafted
jpeg2000 image could cause heap-based buffer overflows, leading to a crash or
possible code execution when reading or converting the crafted file.
bugbot adjusting priority
This issue affects only openjpeg <= 1.5.1. See also
The suggested patch is from version 1.5.2.
Leap >= 42.1 and Tumbleweed already have version 1.5.2.
CVE does not affect openSUSE as mentioned in comment 2. (SLE does not include openjpeg 1.x.)