Bug 871412 (CVE-2014-0158) - VUL-0: CVE-2014-0158: openjpeg: heap-based buffer overflow in JPEG2000 image tile decoder
Status: RESOLVED DUPLICATE of bug 853834
Alias: CVE-2014-0158
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other openSUSE 13.1
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Asterios Dramis
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/97490/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-01 14:34 UTC by Alexander Bergmann
Modified: 2014-05-02 20:20 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2014-04-01 14:34:40 UTC
Via rh#1082925:

A heap-based buffer overflow was found in the way openjpeg parsed certain image files from a JPEG2000 image. If a specially-crafted image were opened by an application linked against OpenJPEG, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Affected:
openSUSE:12.3
openSUSE:13.1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1082925
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0158
Comment 2 Swamp Workflow Management 2014-04-01 22:00:42 UTC
bugbot adjusting priority
Comment 3 Asterios Dramis 2014-05-02 20:20:34 UTC
This is a duplicate of CVE-2013-1447. See also:

http://www.openwall.com/lists/oss-security/2014/04/02/2

*** This bug has been marked as a duplicate of bug 853834 ***