Fedora has issued an advisory on April 4:
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.
Updated openjpeg packages fix security vulnerability:
A heap-based buffer overflow was found in the way openjpeg parsed certain
image files from a JPEG2000 image. If a specially-crafted image were opened
by an application linked against OpenJPEG, it could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the user
running the application (CVE-2014-0158).
Updated packages in core/updates_testing:
Steps to Reproduce:
The patch is to j2k.c, so these sample test procedures should help:
(I found that in Bug 7510).
Testing complete mga4 64
$ image_to_j2k -i Bretagne1.ppm -o Bretagne1.j2k -r 200,50,10
[INFO] tile number 1 / 1
[INFO] - tile encoded in 0.236000 s
Generated outfile Bretagne1.j2k
Testing the others shortly.
Testing complete mga-all-the-others
Advisory uploaded. Validating.
Could sysadmin please push to 3 & 4 updates