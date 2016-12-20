Name : openjpeg2

Product : Fedora 25

Version : 2.1.2

Release : 3.fc25

URL : https://github.com/uclouvain/openjpeg

Summary : C-Library for JPEG 2000

Description :

The OpenJPEG library is an open-source JPEG 2000 library developed in order to

promote the use of JPEG 2000.



This package contains

* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1

compliance).

* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple

component transforms for multispectral and hyperspectral imagery)



Update Information:



This update fixes CVE-2016-9580 and CVE-2016-9581.

References:



[ 1 ] Bug #1405128 - CVE-2016-9580 openjpeg2: Integer overflow in tiftoimage

causes heap buffer overflow

https://bugzilla.redhat.com/show_bug.cgi?id=1405128

[ 2 ] Bug #1405135 - CVE-2016-9581 openjpeg2: Infinite loop in tiftoimage

resulting into heap buffer overflow in convert_32s_C1P1

https://bugzilla.redhat.com/show_bug.cgi?id=1405135

This update can be installed with the "dnf" update program. Use

su -c 'dnf upgrade openjpeg2' at the command line.

For more information, refer to the dnf documentation available at

http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label



All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

