MGASA-2015-0398

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2015-6581

Published: 13 Oct 2015, 22:40

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 Oct 2015, 22:40

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated openjpeg2 package fixes security vulnerability Use-after-free vulnerability was found in j2k.c in opj_j2k_write_mco function (rhbz#1263359). Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure (CVE-2015-6581).

Affected Systems

mageia•openjpeg2
< 2.1.0-3.2.mga5

References (4)

https://advisories.mageia.org/MGASA-2015-0398.html
https://bugs.mageia.org/show_bug.cgi?id=16880
https://lists.fedoraproject.org/pipermail/package-announce/2015-October/168012.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-October/168736.html