JPEGView - Image Viewer and Editor / Bugs / #58 JPEG2000 security bug in openjp 2.1.1

#58 JPEG2000 security bug in openjp 2.1.1

Milestone: Next release

Status: closed

Owner: nobody

Labels: None

Priority: 5

Updated: 2017-01-04

Created: 2016-10-14

Creator:

Private: No

In openjp 2.1.1 a bug exist which allow code executation when a special JPEG2000 is open.
Did JPEGView use that openjp library? If yes, please update that library to fix that.

Here more infos: http://www.talosintelligence.com/reports/TALOS-2016-0193/

Discussion

Anonymous - 2016-10-14

I can't edit my post, so here also more infos:

Codec update link to assist developer:

The OpenJPEG codec version 2.1.2 was released 28th September 2016 and patches the security hole.
http://www.openjpeg.org/2016/09/28/OpenJPEG-2.1.2-released

General info article at: http://thehackernews.com/2016/10/openjpeg-exploit-hack.html

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Anonymous - 2016-11-18

push

Any changes here?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

David Kleiner - 2017-01-04

JPEGView is not affected as JPEGView does not use OpenJPEG nor does it support JPEG2000 at all.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

David Kleiner - 2017-01-04

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

JPEG2000 security bug in openjp 2.1.1

Lean and fast image viewer with minimal GUI

Group

Searches

Help

#58 JPEG2000 security bug in openjp 2.1.1

Discussion