Bug 98218 - OpenJPEG Code Execution Vulnerability
Summary: OpenJPEG Code Execution Vulnerability
Status: RESOLVED INVALID
Alias: None
Product: poppler
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: Other All
: medium major
Assignee: poppler-bugs
QA Contact:
URL: http://www.talosintelligence.com/repo...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-10-12 21:25 UTC by sivmu
Modified: 2016-10-12 21:38 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments

Description sivmu 2016-10-12 21:25:46 UTC 
Cisco Talos reported a critical vulnerablity in OpenJPEG, mentioning poppler as one of the vulnerable target applications that rely on this library.

http://www.talosintelligence.com/reports/TALOS-2016-0193/
Comment 1 Albert Astals Cid 2016-10-12 21:36:50 UTC 
You should report that to OpenJPEG, not to us.
Comment 2 sivmu 2016-10-12 21:38:45 UTC 
OpenJPEG has fixed the issue in their newes release, but I don't know if poppler uses static dependencies that need to be updated as well. Some of the mentioned applications did.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.