697230 – JPEG2000 vulnerability in openjp 2.1.1

Bug 697230 - JPEG2000 vulnerability in openjp 2.1.1

Summary: JPEG2000 vulnerability in openjp 2.1.1

Status:	RESOLVED FIXED

Alias:	None

Product:	MuPDF
Classification:	Unclassified
Component:	mupdf (show other bugs)
Version:	unspecified
Hardware:	PC Windows 7

Importance:	P4 normal
Assignee:	MuPDF bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-10-21 02:49 UTC by Delete_Me!
Modified:	2021-01-19 06:28 UTC (History)
CC List:	2 users (show)

See Also:
Customer:
Word Size:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Delete_Me! 2016-10-21 02:49:47 UTC

Does MuPDF use openjp (version 2.1.1) ?
Because that library have a vulnerability when open a JPEG2000 picture. That also affect PDF files too.

Read here for more details: http://www.talosintelligence.com/reports/TALOS-2016-0193/

Comment 1 Robin Watts 2016-10-21 03:31:54 UTC

The latest version of MuPDF (from Git) uses 2.1.2, where this is fixed.

Comment 2 Delete_Me! 2016-10-21 04:02:58 UTC

Nice!
It would be great if we can get that build as executable then.