PSA: OpenJPEG package update breaks Aperio 33003 decoding
Benjamin Gilbert
bgilbert at cs.cmu.edu
Thu Dec 18 21:07:48 EST 2014

On 01/05/2014 12:02 AM, Benjamin Gilbert wrote:
> In response to CVE-2013-6045, Linux distributions are pushing out new
> OpenJPEG packages which fail to properly decode YCbCr images with chroma
> subsampling. With the updated package installed, reading an Aperio
> 33003 slide produces the following error:
>
>> OpenJPEG error: Error decoding tile. Component 1 contains only
>> 32768 blocks while component 0 has 65536 blocks
>
> At the moment, it appears this bug has made its way into Debian, the
> Ubuntu LTS releases, and RHEL 6.

Red Hat has now released updated OpenJPEG packages for RHEL 6:
https://rhn.redhat.com/errata/RHBA-2014-2001.html

Note that they are on the FasTrack channel, which is usually not enabled
by default. So, until the release of RHEL 6.7, you must explicitly
install them.

Debian released corrected packages back in April:
https://lists.debian.org/debian-security-announce/2014/msg00090.html

Ubuntu 10.04, 12.04, and 14.04 have still not picked up the Debian fix,
but AFAIK those are the only remaining distros with the regression. I've
filed an Ubuntu bug:
https://bugs.launchpad.net/ubuntu/+source/openjpeg/+bug/1404084

--Benjamin Gilbert