Описание
Security update for openjpeg2
This update for openjpeg2 fixes several issues.
These security issues were fixed:
- CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file (bsc#1056421).
- CVE-2017-14039: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly unspecified other impact (bsc#1056622).
- CVE-2017-14164: A size-validation issue was discovered in opj_j2k_write_sot. The vulnerability caused an out-of-bounds write, which may have lead to remote DoS or possibly remote code execution (bsc#1057511).
- CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert.c, triggering a crash in the tgatoimage function. The vulnerability may have lead to remote denial of service or possibly unspecified other impact (bsc#1056621).
- CVE-2017-14041: A stack-based buffer overflow was discovered in the pgxtoimage function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly remote code execution (bsc#1056562).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
Ссылки
- Link for SUSE-SU-2017:2649-1
- E-Mail link for SUSE-SU-2017:2649-1
- SUSE Security Ratings
- SUSE Bug 1056421
- SUSE Bug 1056562
- SUSE Bug 1056621
- SUSE Bug 1056622
- SUSE Bug 1057511
- SUSE CVE CVE-2016-10507 page
- SUSE CVE CVE-2017-14039 page
- SUSE CVE CVE-2017-14040 page
- SUSE CVE CVE-2017-14041 page
- SUSE CVE CVE-2017-14164 page
Описание
Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.
Затронутые продукты
Ссылки
- CVE-2016-10507
- SUSE Bug 1056421
Описание
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2017-14039
- SUSE Bug 1056622
- SUSE Bug 1057511
Описание
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2017-14040
- SUSE Bug 1056621
Описание
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Затронутые продукты
Ссылки
- CVE-2017-14041
- SUSE Bug 1056562
Описание
A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.
Затронутые продукты
Ссылки
- CVE-2017-14164
- SUSE Bug 1057511