Описание
Security update for openjpeg2
This update for openjpeg2 fixes the following issues:
- CVE 2016-7163: Integer Overflow could lead to remote code execution (bsc#997857)
- CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service (bsc#979907)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Список пакетов
openSUSE Leap 42.2
libopenjp2-7-2.1.0-16.1
libopenjp2-7-32bit-2.1.0-16.1
openjpeg2-2.1.0-16.1
openjpeg2-devel-2.1.0-16.1
openSUSE Leap 42.3
libopenjp2-7-2.1.0-16.1
libopenjp2-7-32bit-2.1.0-16.1
openjpeg2-2.1.0-16.1
openjpeg2-devel-2.1.0-16.1
Ссылки
- E-Mail link for openSUSE-SU-2017:2186-1
- SUSE Security Ratings
Описание
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
Затронутые продукты
openSUSE Leap 42.2:libopenjp2-7-2.1.0-16.1
openSUSE Leap 42.2:libopenjp2-7-32bit-2.1.0-16.1
openSUSE Leap 42.2:openjpeg2-2.1.0-16.1
openSUSE Leap 42.2:openjpeg2-devel-2.1.0-16.1
Ссылки
- CVE-2015-8871
- SUSE Bug 1007739
- SUSE Bug 1007744
- SUSE Bug 979907
Описание
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
Затронутые продукты
openSUSE Leap 42.2:libopenjp2-7-2.1.0-16.1
openSUSE Leap 42.2:libopenjp2-7-32bit-2.1.0-16.1
openSUSE Leap 42.2:openjpeg2-2.1.0-16.1
openSUSE Leap 42.2:openjpeg2-devel-2.1.0-16.1
Ссылки
- CVE-2016-7163
- SUSE Bug 1007739
- SUSE Bug 1007744
- SUSE Bug 997857