Bug 853834 (CVE-2013-1447) - VUL-0: CVE-2013-1447: openjpeg: multiple denial of service flaws
Summary: VUL-0: CVE-2013-1447: openjpeg: multiple denial of service flaws
Status: RESOLVED FIXED
: CVE-2014-0158 (view as bug list)
Alias: CVE-2013-1447
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 13.1
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Asterios Dramis
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-05 09:48 UTC by Victor Pereira
Modified: 2017-08-04 08:14 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2013-12-05 09:48:50 UTC 
CVE-2013-1447

Raphael Geissert discovered multiple denial of service flaws in OpenJPEG. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause the application to crash.

thanks to Raphael Geissert for reporting these issues.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1447
https://bugzilla.redhat.com/show_bug.cgi?id=1037945
Comment 1 Swamp Workflow Management 2013-12-05 23:00:28 UTC 
bugbot adjusting priority
Comment 2 Alexander Bergmann 2014-01-10 15:24:52 UTC 
patches can be found here: 

https://bugzilla.redhat.com/show_bug.cgi?id=1037945
Comment 5 Asterios Dramis 2014-05-02 20:20:34 UTC 
*** Bug 871412 has been marked as a duplicate of this bug. ***
Comment 6 Asterios Dramis 2014-05-02 21:55:08 UTC 
Sorry for the late reply.

A fix for Factory has been submitted with SR#222106
Comment 7 Johannes Segitz 2015-04-01 13:49:09 UTC 
(In reply to Asterios Dramis from comment #6)
thanks. Any chance that you can submit for openSUSE 13.1 too?
Comment 8 Johannes Segitz 2017-08-04 08:14:45 UTC 
fixed in current Leap and Factory