Bug 98218

Summary: OpenJPEG Code Execution Vulnerability
Product: poppler
Reporter: sivmu
Component: general
Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED INVALID
QA Contact:
Severity: major    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
URL: http://www.talosintelligence.com/reports/TALOS-2016-0193/
Whiteboard:

Description sivmu 2016-10-12 21:25:46 UTC
Cisco Talos reported a critical vulnerability in OpenJPEG, mentioning poppler as one of the vulnerable target applications that rely on this library.

http://www.talosintelligence.com/reports/TALOS-2016-0193/
Comment 1 Albert Astals Cid 2016-10-12 21:36:50 UTC
You should report that to OpenJPEG, not to us.
Comment 2 sivmu 2016-10-12 21:38:45 UTC
OpenJPEG has fixed the issue in their newest release, but I don't know if poppler uses static dependencies that need to be updated as well. Some of the mentioned applications did.
