CentOS Update For Openjpeg CESA-2012:1283 Centos6 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code. (CVE-2012-3535) This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. Users of OpenJPEG should upgrade to these updated packages, which contain a patch to correct this issue. All running applications using OpenJPEG must be restarted for the update to take effect.

Affected

openjpeg on CentOS 6

References

http://lists.centos.org/pipermail/centos-announce/2012-September/018885.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-3535
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1648 (ntp)
CentOS Security Advisory CESA-2009:1335 (openssl)
CentOS Security Advisory CESA-2009:1039 (ntp)
CentOS Security Advisory CESA-2009:0004-01 (openssl)
CentOS Security Advisory CESA-2009:1651 (ntp)

CentOS Update for openjpeg CESA-2012:1283 centos6

Take action and discover your vulnerabilities