Security Alerts & News
by Tymoteusz A. Góral

#1537 OpenJPEG zero-day flaw leads to remote code execution
Cisco Talos researchers have uncovered a severe zero-day flaw in the OpenJPEG JPEG 2000 codec which could lead to remote code execution on compromised systems.

On Friday, researchers from Cisco revealed the existence of the zero-day flaw in the JPEG 2000 image file format parser implemented in the OpenJPEG library. The out-of-bounds vulnerability, assigned CVE-2016-8332, could allow an out-of-bounds heap write to occur, resulting in heap corruption and arbitrary code execution.

OpenJPEG is an open-source JPEG 2000 codec. Written in C, the software was created to promote JPEG 2000, an image compression standard that is in popular use, often for tasks including embedding images within PDF documents through software including Poppler, MuPDF and Pdfium.