Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service (CVE-2013-1447) via application crash or high memory consumption, possible code execution through heap buffer overflows (CVE-2013-6045), information disclosure (CVE-2013-6052), or yet another heap buffer overflow that only appears to affect OpenJPEG 1.3 (CVE-2013-6054). For the oldstable distribution (squeeze), these problems have been fixed in version 1.3+dfsg-4+squeeze2. For the stable distribution (wheezy), these problems have been fixed in version 1.3+dfsg-4.7. For the testing distribution (jessie), and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your openjpeg packages.
Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service (CVE-2013-1447) via application crash or high memory consumption, possible code execution through heap buffer overflows (CVE-2013-6045), information disclosure (CVE-2013-6052), or yet another heap buffer overflow that only appears to affect OpenJPEG 1.3 (CVE-2013-6054).
For the oldstable distribution (squeeze), these problems have been fixed in version 1.3+dfsg-4+squeeze2.
For the stable distribution (wheezy), these problems have been fixed in version 1.3+dfsg-4.7.
For the testing distribution (jessie), and the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your openjpeg packages.