Synopsis: Moderate: openjpeg security update Advisory ID: SLSA-2017:0838-1 Issue Date: 2017-03-22 CVE Numbers: CVE-2016-5139 CVE-2016-5158 CVE-2016-5159 CVE-2016-7163 CVE-2016-9675 CVE-2016-9573 -- Security Fix(es): * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) * A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) -- SL7 x86_64 openjpeg-debuginfo-1.5.1-16.el7_3.i686.rpm openjpeg-debuginfo-1.5.1-16.el7_3.x86_64.rpm openjpeg-libs-1.5.1-16.el7_3.i686.rpm openjpeg-libs-1.5.1-16.el7_3.x86_64.rpm openjpeg-1.5.1-16.el7_3.x86_64.rpm openjpeg-devel-1.5.1-16.el7_3.i686.rpm openjpeg-devel-1.5.1-16.el7_3.x86_64.rpm - Scientific Linux Development Team