Описание
Security update for openjpeg2
This update for openjpeg2 fixes the following security issues:
- CVE-2015-1239: A double free vulnerability in the j2k_read_ppm_v3 function allowed remote attackers to cause a denial of service (crash) (bsc#1066713)
- CVE-2017-17479: A stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c could crash the converter. (bsc#1072125)
- CVE-2017-17480: A stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c could crash the converter. (bsc#1072124)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
Ссылки
- Link for SUSE-SU-2018:1364-1
- E-Mail link for SUSE-SU-2018:1364-1
- SUSE Security Ratings
- SUSE Bug 1066713
- SUSE Bug 1072124
- SUSE Bug 1072125
- SUSE CVE CVE-2015-1239 page
- SUSE CVE CVE-2017-17479 page
- SUSE CVE CVE-2017-17480 page
Описание
Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.
Затронутые продукты
Ссылки
- CVE-2015-1239
- SUSE Bug 1066713
Описание
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Затронутые продукты
Ссылки
- CVE-2017-17479
- SUSE Bug 1072125
Описание
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Затронутые продукты
Ссылки
- CVE-2017-17480
- SUSE Bug 1072124
- SUSE Bug 1072125