OpenJPEG: Multiple vulnerabilities Multiple vulnerabilities have been found in OpenJPEG, the worst of which may result in execution of arbitrary code. openjpeg 2014-12-13 2014-12-13 484802 493662 remote 1.5.2 1.5.2

OpenJPEG is an open-source JPEG 2000 library.

Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information.

There is no known workaround at this time.

All OpenJPEG users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/openjpeg-1.5.2" CVE-2013-1447 CVE-2013-4289 CVE-2013-4290 CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 CVE-2013-6054 CVE-2013-6887 BlueKnight ackle