OpenJPEG: Multiple vulnerabilities

OpenJPEG: Multiple vulnerabilities Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow execution of arbitrary code. openjpeg 2016-12-08 2016-12-08 560632 572430 577608 594740 remote 2.1.1_p20160922 1.5.2 2.1.1_p20160922

OpenJPEG is an open-source JPEG 2000 library.

Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information.

There is no known workaround at this time.

All OpenJPEG 2 users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=media-libs/openjpeg-2.1.1_p20160922:2"

CVE-2015-8871 CVE-2016-1923 CVE-2016-1924 CVE-2016-3181 CVE-2016-3182 CVE-2016-3183 CVE-2016-7445 whissi whissi