Solution
Please Install the Updated Packages.
Insight
OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format.
It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code. (CVE-2012-3535)
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
Users of OpenJPEG should upgrade to these updated packages, which contain a patch to correct this issue. All running applications using OpenJPEG must be restarted for the update to take effect.
Affected
openjpeg on CentOS 6
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-3535 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities