| Bug ID | 1002414 |
|---|---|
| Summary | CVE-2016-8332: OpenJPEG: OpenJPEG JPEG2000 mcc record Code Execution Vulnerability |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.1 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Hello! [1] info about: http://blog.talosintel.com/2016/09/vulnerability-spotlight-jpeg2000.html [2] Talos Vulnerability Report: http://www.talosintelligence.com/reports/TALOS-2016-0193/ Although tested version on [2] is OpenJpeg openjp2 2.1.1 and due to https://software.opensuse.org/package/openjpeg2 version 2.1.0 is being in use in openSUSE, this version potentially can be also vulnerable. Upstream report for 2.1.2, which is currently in release: https://github.com/uclouvain/openjpeg/issues/852 - waiting for resolution. Thanks!