[Pkg-phototools-devel] Bug#800453: CVE-2015-6581: Double free vulnerability in opj_j2k_copy_default_tcp_and_create_tcd

Raphael Hertzog hertzog at debian.org
Tue Sep 29 15:57:42 UTC 2015


Package: openjpeg2
Severity: important
Tags: security patch
Version: 2.1.0-2

Hi,

the following vulnerability was published for openjpeg2.

CVE-2015-6581[0]:
| Double free vulnerability in the
| opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG
| before r3002, as used in PDFium in Google Chrome before 45.0.2454.85,
| allows remote attackers to execute arbitrary code or cause a denial of
| service (heap memory corruption) by triggering a memory-allocation
| failure.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-6581
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6581

jessie is affected as 

The upstream fix is here:
https://github.com/uclouvain/openjpeg/commit/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
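
Added example (not part of the original message and not OpenJPEG code): a constructed C sketch of the bug class named in the CVE description, where an allocation failure on an error path leaves two structures holding the same heap block. All names (`params_t`, `copy_params_vulnerable`, `copy_params_fixed`, `would_double_free`, `fail_alloc`) are hypothetical; the fault-injection check reports the aliasing without performing the second free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed illustration, not OpenJPEG code; every name is hypothetical. */
typedef struct { float *matrix; size_t n; } params_t;
static int fail_alloc = 0;  /* fault-injection switch for xmalloc() */
static void *xmalloc(size_t sz) { return fail_alloc ? NULL : malloc(sz); }

/* Vulnerable shape: shallow copy first, so an early return on allocation
 * failure leaves dst->matrix pointing at the block src still owns. */
static int copy_params_vulnerable(params_t *dst, const params_t *src) {
    memcpy(dst, src, sizeof *dst);
    float *m = xmalloc(src->n * sizeof *m);
    if (!m) return 0;
    memcpy(m, src->matrix, src->n * sizeof *m);
    dst->matrix = m;
    return 1;
}

/* Hardened shape: clear borrowed pointers right after the shallow copy, so
 * every exit path leaves dst owning either its own block or nothing. */
static int copy_params_fixed(params_t *dst, const params_t *src) {
    memcpy(dst, src, sizeof *dst);
    dst->matrix = NULL; dst->n = 0;
    float *m = xmalloc(src->n * sizeof *m);
    if (!m) return 0;
    memcpy(m, src->matrix, src->n * sizeof *m);
    dst->matrix = m; dst->n = src->n;
    return 1;
}

/* Forces the allocation to fail, then reports whether cleaning up both
 * structs would free one block twice: 1 = yes, 0 = no, -1 = setup failed. */
static int would_double_free(int (*copy)(params_t *, const params_t *)) {
    params_t def = { calloc(4, sizeof(float)), 4 }, tile;
    if (!def.matrix) return -1;
    fail_alloc = 1;
    int ok = copy(&tile, &def);
    fail_alloc = 0;
    int aliased = !ok && tile.matrix != NULL && tile.matrix == def.matrix;
    free(def.matrix);  /* released once, by its real owner only */
    return aliased;
}

int main(void) {
    printf("vulnerable: %d\n", would_double_free(copy_params_vulnerable));
    printf("fixed: %d\n", would_double_free(copy_params_fixed));
    return 0;
}
```

The same fault-injection switch can be pointed at each allocation in an error path in turn, which is how this kind of cleanup bug is usually caught in testing.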


