You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa openjpeg2

Sigurnosni nedostaci programskog paketa openjpeg2

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2017-08-13 17:48:59.925474

Name : openjpeg2
Product : Fedora 26
Version : 2.2.0
Release : 1.fc26
Summary : C-Library for JPEG 2000
Description :
The OpenJPEG library is an open-source JPEG 2000 library developed in order to
promote the use of JPEG 2000.

This package contains
* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1
* JP2 (JPEG 2000 standard Part 2 – Handling of JP2 boxes and extended multiple
component transforms for multispectral and hyperspectral imagery)

Update Information:

Update to version 2.2.0, see for details.

[ 1 ] Bug #1390234 – CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues [fedora-all]
[ 2 ] Bug #1435072 – CVE-2016-5139 openjpeg2: chromium-browser, openjpeg: Heap overflow in parsing of JPEG2000 precincts [fedora-all]
[ 3 ] Bug #1435071 – CVE-2016-5158 openjpeg2: chromium-browser, openjpeg: heap overflow due to unsafe use of opj_aligned_malloc [fedora-all]
[ 4 ] Bug #1435070 – CVE-2016-5159 openjpeg2: chromium-browser, openjpeg: heap overflow in parsing of JPEG2000 code blocks [fedora-all]
[ 5 ] Bug #1418150 – CVE-2016-9112 openjpeg2: Floating point exception vulnerability in openjpeg2 when processing untrusted images [fedora-all]

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade openjpeg2’ at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to

AutorTomislav Protega
Cert idNCERT-REF-2017-08-0105-ADV
More in Preporuke
Sigurnosni nedostatak programske biblioteke libgxps

Otkriven je sigurnosni nedostatak u programskoj biblioteki libgxps za Fedoru. Otkriveni nedostatak posljedica je dereferenciranja NULL pokazivača u funkciji caseless_hash...