Univention Bugzilla – Bug 32566
openjpeg: Multiple issues (3.1)
Last modified: 2019-04-11 19:24:04 CEST
Multiple buffer overflows (CVE-2013-4289 CVE-2013-4290)
Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service (CVE-2013-1447) via application crash or high memory consumption, possible code execution through heap buffer overflows (CVE-2013-6045), information disclosure (CVE-2013-6052), or yet another heap buffer overflow that only appears to affect OpenJPEG 1.3 (CVE-2013-6054).
(In reply to Moritz Muehlenhoff from comment #0)
> Multiple buffer overflows (CVE-2013-4289 CVE-2013-4290)

These don't affect Debian/UCS; while the affected code is present in the source package, it's not built.
The maintenance with bug and security fixes for UCS 3.1-x ended on 31st of May 2014. The maintenance of the UCS 3.x major series is continued by UCS 3.2-x, which is supplied with bug and security fixes. Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention with any questions.