Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-8332 (GCVE-0-2016-8332)
Vulnerability from cvelistv5 – Published: 2016-10-28 14:00 – Updated: 2024-08-06 02:20
VLAI?
EPSS
Summary
A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.
Severity ?
7.5 (High)
CWE
- Arbitrary Code Execution
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3768"
},
{
"name": "93242",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93242"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OPENJPEG",
"vendor": "OPENJPEG",
"versions": [
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"datePublic": "2016-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:22:54",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-3768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3768"
},
{
"name": "93242",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93242"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OPENJPEG",
"version": {
"version_data": [
{
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "OPENJPEG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3768",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3768"
},
{
"name": "93242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93242"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0193/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"
},
{
"name": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-8332",
"datePublished": "2016-10-28T14:00:00",
"dateReserved": "2016-09-28T00:00:00",
"dateUpdated": "2024-08-06T02:20:30.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:uclouvain:openjpeg:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"823009B0-7F45-4F77-B14C-ADA668977F5C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de b\\u00fafer en OpenJPEG 2.1.1 provoca ejecuci\\u00f3n de c\\u00f3digo arbitrario cuando se analiza una imagen manipulada. Una vulnerabilidad explotable de ejecuci\\u00f3n de c\\u00f3digo existe en el analizador de archivo formato de imagen jpeg2000 como se aplica en la librer\\u00eda OpenJpeg. Un archivo jpeg2000 especialmente manipulado puede provocar una escritura fuera de l\\u00edmites resultando en corrupci\\u00f3n de la pila dando lugar a ejecuci\\u00f3n de c\\u00f3digo arbitrario. Para un ataque exitoso, el usuario objetivo necesita abrir un archivo jpeg2000 malicioso. El formato de archivo de jpeg2000 es principalmente utilizado para incrustar im\\u00e1genes dentro de documentos PDF y la librer\\u00eda OpenJpeg es utilizada por un n\\u00famero de visualizadores de PDF populares convirtiendo a los documentos PDF en un vector de ataque probable.\"}]",
"id": "CVE-2016-8332",
"lastModified": "2024-11-21T02:59:10.733",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2016-10-28T14:59:00.167",
"references": "[{\"url\": \"http://www.debian.org/security/2017/dsa-3768\", \"source\": \"talos-cna@cisco.com\"}, {\"url\": \"http://www.securityfocus.com/bid/93242\", \"source\": \"talos-cna@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1038623\", \"source\": \"talos-cna@cisco.com\"}, {\"url\": \"http://www.talosintelligence.com/reports/TALOS-2016-0193/\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"talos-cna@cisco.com\"}, {\"url\": \"http://www.debian.org/security/2017/dsa-3768\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/93242\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1038623\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.talosintelligence.com/reports/TALOS-2016-0193/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-8332\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2016-10-28T14:59:00.167\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en OpenJPEG 2.1.1 provoca ejecuci\u00f3n de c\u00f3digo arbitrario cuando se analiza una imagen manipulada. Una vulnerabilidad explotable de ejecuci\u00f3n de c\u00f3digo existe en el analizador de archivo formato de imagen jpeg2000 como se aplica en la librer\u00eda OpenJpeg. Un archivo jpeg2000 especialmente manipulado puede provocar una escritura fuera de l\u00edmites resultando en corrupci\u00f3n de la pila dando lugar a ejecuci\u00f3n de c\u00f3digo arbitrario. Para un ataque exitoso, el usuario objetivo necesita abrir un archivo jpeg2000 malicioso. El formato de archivo de jpeg2000 es principalmente utilizado para incrustar im\u00e1genes dentro de documentos PDF y la librer\u00eda OpenJpeg es utilizada por un n\u00famero de visualizadores de PDF populares convirtiendo a los documentos PDF en un vector de ataque probable.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:uclouvain:openjpeg:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"823009B0-7F45-4F77-B14C-ADA668977F5C\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3768\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"http://www.securityfocus.com/bid/93242\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1038623\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0193/\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/93242\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1038623\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0193/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2017-AVI-167
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 5 juin 2017
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 5 juin 2017\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-0636",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0636"
},
{
"name": "CVE-2017-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8241"
},
{
"name": "CVE-2017-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0646"
},
{
"name": "CVE-2017-8240",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8240"
},
{
"name": "CVE-2014-9963",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9963"
},
{
"name": "CVE-2015-9022",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9022"
},
{
"name": "CVE-2017-0638",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0638"
},
{
"name": "CVE-2017-7370",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7370"
},
{
"name": "CVE-2015-9025",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9025"
},
{
"name": "CVE-2014-9965",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9965"
},
{
"name": "CVE-2015-8871",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8871"
},
{
"name": "CVE-2017-8236",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8236"
},
{
"name": "CVE-2017-0647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0647"
},
{
"name": "CVE-2017-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0651"
},
{
"name": "CVE-2015-9031",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9031"
},
{
"name": "CVE-2015-9023",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9023"
},
{
"name": "CVE-2017-7364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7364"
},
{
"name": "CVE-2014-9967",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9967"
},
{
"name": "CVE-2017-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8242"
},
{
"name": "CVE-2017-0641",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0641"
},
{
"name": "CVE-2016-5864",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5864"
},
{
"name": "CVE-2015-9029",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9029"
},
{
"name": "CVE-2014-9962",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9962"
},
{
"name": "CVE-2017-0645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0645"
},
{
"name": "CVE-2014-9954",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9954"
},
{
"name": "CVE-2015-9020",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9020"
},
{
"name": "CVE-2014-9958",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9958"
},
{
"name": "CVE-2017-7371",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7371"
},
{
"name": "CVE-2017-6247",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6247"
},
{
"name": "CVE-2017-0643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0643"
},
{
"name": "CVE-2014-9959",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9959"
},
{
"name": "CVE-2015-9013",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9013"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2015-9008",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9008"
},
{
"name": "CVE-2015-9014",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9014"
},
{
"name": "CVE-2017-0640",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0640"
},
{
"name": "CVE-2015-9012",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9012"
},
{
"name": "CVE-2014-9953",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9953"
},
{
"name": "CVE-2017-0644",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0644"
},
{
"name": "CVE-2017-5056",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5056"
},
{
"name": "CVE-2017-8233",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8233"
},
{
"name": "CVE-2017-7369",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7369"
},
{
"name": "CVE-2015-9011",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9011"
},
{
"name": "CVE-2016-1029",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1029"
},
{
"name": "CVE-2015-9021",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9021"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2014-9956",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9956"
},
{
"name": "CVE-2016-1034",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1034"
},
{
"name": "CVE-2014-9957",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9957"
},
{
"name": "CVE-2017-0639",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0639"
},
{
"name": "CVE-2015-9033",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9033"
},
{
"name": "CVE-2017-6249",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6249"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-9009",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9009"
},
{
"name": "CVE-2016-1033",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1033"
},
{
"name": "CVE-2017-8235",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8235"
},
{
"name": "CVE-2017-7366",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7366"
},
{
"name": "CVE-2014-9955",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9955"
},
{
"name": "CVE-2017-0650",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0650"
},
{
"name": "CVE-2017-0642",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0642"
},
{
"name": "CVE-2017-0649",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0649"
},
{
"name": "CVE-2015-9028",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9028"
},
{
"name": "CVE-2015-9026",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9026"
},
{
"name": "CVE-2015-9027",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9027"
},
{
"name": "CVE-2017-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0391"
},
{
"name": "CVE-2017-7372",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7372"
},
{
"name": "CVE-2017-7373",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7373"
},
{
"name": "CVE-2015-9010",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9010"
},
{
"name": "CVE-2016-8332",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8332"
},
{
"name": "CVE-2017-7368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7368"
},
{
"name": "CVE-2014-9961",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9961"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2017-8234",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8234"
},
{
"name": "CVE-2017-0637",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0637"
},
{
"name": "CVE-2015-9032",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9032"
},
{
"name": "CVE-2017-8237",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8237"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-6248",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6248"
},
{
"name": "CVE-2017-6421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6421"
},
{
"name": "CVE-2017-8239",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8239"
},
{
"name": "CVE-2014-9966",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9966"
},
{
"name": "CVE-2017-7365",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7365"
},
{
"name": "CVE-2015-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9015"
},
{
"name": "CVE-2014-9960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9960"
},
{
"name": "CVE-2017-7367",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7367"
},
{
"name": "CVE-2015-9030",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9030"
},
{
"name": "CVE-2017-0663",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0663"
},
{
"name": "CVE-2015-9024",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9024"
},
{
"name": "CVE-2016-5861",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5861"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2017-0648",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0648"
},
{
"name": "CVE-2014-9964",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9964"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-167",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-06-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 05 juin 2017",
"url": "https://source.android.com/security/bulletin/2017-06-01"
}
]
}
CERTFR-2017-AVI-167
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 5 juin 2017
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 5 juin 2017\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-0636",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0636"
},
{
"name": "CVE-2017-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8241"
},
{
"name": "CVE-2017-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0646"
},
{
"name": "CVE-2017-8240",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8240"
},
{
"name": "CVE-2014-9963",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9963"
},
{
"name": "CVE-2015-9022",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9022"
},
{
"name": "CVE-2017-0638",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0638"
},
{
"name": "CVE-2017-7370",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7370"
},
{
"name": "CVE-2015-9025",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9025"
},
{
"name": "CVE-2014-9965",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9965"
},
{
"name": "CVE-2015-8871",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8871"
},
{
"name": "CVE-2017-8236",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8236"
},
{
"name": "CVE-2017-0647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0647"
},
{
"name": "CVE-2017-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0651"
},
{
"name": "CVE-2015-9031",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9031"
},
{
"name": "CVE-2015-9023",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9023"
},
{
"name": "CVE-2017-7364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7364"
},
{
"name": "CVE-2014-9967",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9967"
},
{
"name": "CVE-2017-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8242"
},
{
"name": "CVE-2017-0641",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0641"
},
{
"name": "CVE-2016-5864",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5864"
},
{
"name": "CVE-2015-9029",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9029"
},
{
"name": "CVE-2014-9962",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9962"
},
{
"name": "CVE-2017-0645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0645"
},
{
"name": "CVE-2014-9954",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9954"
},
{
"name": "CVE-2015-9020",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9020"
},
{
"name": "CVE-2014-9958",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9958"
},
{
"name": "CVE-2017-7371",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7371"
},
{
"name": "CVE-2017-6247",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6247"
},
{
"name": "CVE-2017-0643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0643"
},
{
"name": "CVE-2014-9959",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9959"
},
{
"name": "CVE-2015-9013",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9013"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2015-9008",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9008"
},
{
"name": "CVE-2015-9014",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9014"
},
{
"name": "CVE-2017-0640",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0640"
},
{
"name": "CVE-2015-9012",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9012"
},
{
"name": "CVE-2014-9953",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9953"
},
{
"name": "CVE-2017-0644",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0644"
},
{
"name": "CVE-2017-5056",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5056"
},
{
"name": "CVE-2017-8233",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8233"
},
{
"name": "CVE-2017-7369",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7369"
},
{
"name": "CVE-2015-9011",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9011"
},
{
"name": "CVE-2016-1029",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1029"
},
{
"name": "CVE-2015-9021",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9021"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2014-9956",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9956"
},
{
"name": "CVE-2016-1034",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1034"
},
{
"name": "CVE-2014-9957",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9957"
},
{
"name": "CVE-2017-0639",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0639"
},
{
"name": "CVE-2015-9033",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9033"
},
{
"name": "CVE-2017-6249",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6249"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-9009",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9009"
},
{
"name": "CVE-2016-1033",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1033"
},
{
"name": "CVE-2017-8235",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8235"
},
{
"name": "CVE-2017-7366",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7366"
},
{
"name": "CVE-2014-9955",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9955"
},
{
"name": "CVE-2017-0650",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0650"
},
{
"name": "CVE-2017-0642",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0642"
},
{
"name": "CVE-2017-0649",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0649"
},
{
"name": "CVE-2015-9028",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9028"
},
{
"name": "CVE-2015-9026",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9026"
},
{
"name": "CVE-2015-9027",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9027"
},
{
"name": "CVE-2017-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0391"
},
{
"name": "CVE-2017-7372",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7372"
},
{
"name": "CVE-2017-7373",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7373"
},
{
"name": "CVE-2015-9010",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9010"
},
{
"name": "CVE-2016-8332",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8332"
},
{
"name": "CVE-2017-7368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7368"
},
{
"name": "CVE-2014-9961",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9961"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2017-8234",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8234"
},
{
"name": "CVE-2017-0637",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0637"
},
{
"name": "CVE-2015-9032",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9032"
},
{
"name": "CVE-2017-8237",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8237"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-6248",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6248"
},
{
"name": "CVE-2017-6421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6421"
},
{
"name": "CVE-2017-8239",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8239"
},
{
"name": "CVE-2014-9966",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9966"
},
{
"name": "CVE-2017-7365",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7365"
},
{
"name": "CVE-2015-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9015"
},
{
"name": "CVE-2014-9960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9960"
},
{
"name": "CVE-2017-7367",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7367"
},
{
"name": "CVE-2015-9030",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9030"
},
{
"name": "CVE-2017-0663",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0663"
},
{
"name": "CVE-2015-9024",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9024"
},
{
"name": "CVE-2016-5861",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5861"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2017-0648",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0648"
},
{
"name": "CVE-2014-9964",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9964"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-167",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-06-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 05 juin 2017",
"url": "https://source.android.com/security/bulletin/2017-06-01"
}
]
}
CNVD-2016-08506
Vulnerability from cnvd - Published: 2016-10-06
VLAI Severity ?
Title
OpenJPEG JPEG 2000存在远程代码执行漏洞
Description
OpenJPEG是一个C语言编写的开放源码的JPEG 2000编解码器。
OpenJPEG JPEG 2000存在远程代码执行漏洞,攻击者利用漏洞通过特制的数据包可触发堆崩溃或执行任意代码。
Severity
高
Formal description
目前厂商尚未有解决方案,详情请关注厂商主页或有关网址: http://www.openjpeg.org/
Reference
http://securityaffairs.co/wordpress/51860/hacking/jpeg-2000-zero-day.html
Impacted products
| Name | OpenJPEG OpenJPEG 2.1.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-8332"
}
},
"description": "OpenJPEG\u662f\u4e00\u4e2aC\u8bed\u8a00\u7f16\u5199\u7684\u5f00\u653e\u6e90\u7801\u7684JPEG 2000\u7f16\u89e3\u7801\u5668\u3002\r\n\r\nOpenJPEG JPEG 2000\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684\u6570\u636e\u5305\u53ef\u89e6\u53d1\u5806\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Cisco",
"formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u6709\u89e3\u51b3\u65b9\u6848\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u6709\u5173\u7f51\u5740\uff1a \r\nhttp://www.openjpeg.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-08506",
"openTime": "2016-10-06",
"products": {
"product": "OpenJPEG OpenJPEG 2.1.1"
},
"referenceLink": "http://securityaffairs.co/wordpress/51860/hacking/jpeg-2000-zero-day.html",
"serverity": "\u9ad8",
"submitTime": "2016-10-05",
"title": "OpenJPEG JPEG 2000\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
FKIE_CVE-2016-8332
Vulnerability from fkie_nvd - Published: 2016-10-28 14:59 - Updated: 2025-04-12 10:46
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uclouvain:openjpeg:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "823009B0-7F45-4F77-B14C-ADA668977F5C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en OpenJPEG 2.1.1 provoca ejecuci\u00f3n de c\u00f3digo arbitrario cuando se analiza una imagen manipulada. Una vulnerabilidad explotable de ejecuci\u00f3n de c\u00f3digo existe en el analizador de archivo formato de imagen jpeg2000 como se aplica en la librer\u00eda OpenJpeg. Un archivo jpeg2000 especialmente manipulado puede provocar una escritura fuera de l\u00edmites resultando en corrupci\u00f3n de la pila dando lugar a ejecuci\u00f3n de c\u00f3digo arbitrario. Para un ataque exitoso, el usuario objetivo necesita abrir un archivo jpeg2000 malicioso. El formato de archivo de jpeg2000 es principalmente utilizado para incrustar im\u00e1genes dentro de documentos PDF y la librer\u00eda OpenJpeg es utilizada por un n\u00famero de visualizadores de PDF populares convirtiendo a los documentos PDF en un vector de ataque probable."
}
],
"id": "CVE-2016-8332",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-28T14:59:00.167",
"references": [
{
"source": "talos-cna@cisco.com",
"url": "http://www.debian.org/security/2017/dsa-3768"
},
{
"source": "talos-cna@cisco.com",
"url": "http://www.securityfocus.com/bid/93242"
},
{
"source": "talos-cna@cisco.com",
"url": "http://www.securitytracker.com/id/1038623"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"
},
{
"source": "talos-cna@cisco.com",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
SUSE-SU-2016:3270-1
Vulnerability from csaf_suse - Published: 2016-12-27 10:28 - Updated: 2016-12-27 10:28Summary
Security update for openjpeg2
Notes
Title of the patch
Security update for openjpeg2
Description of the patch
This update for openjpeg2 fixes the following issues:
* CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]
* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]
* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]
* CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]
* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]
* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747]
* CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]
* CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739]
* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]
* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414]
* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817]
Patchnames
SUSE-SLE-DESKTOP-12-SP2-2016-1914,SUSE-SLE-RPI-12-SP2-2016-1914,SUSE-SLE-SERVER-12-SP2-2016-1914
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openjpeg2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for openjpeg2 fixes the following issues:\n\n* CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n* CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] \n* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] \n* CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n* CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] \n* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] \n* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] \n \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP2-2016-1914,SUSE-SLE-RPI-12-SP2-2016-1914,SUSE-SLE-SERVER-12-SP2-2016-1914",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_3270-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:3270-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20163270-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:3270-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-December/002525.html"
},
{
"category": "self",
"summary": "SUSE Bug 1002414",
"url": "https://bugzilla.suse.com/1002414"
},
{
"category": "self",
"summary": "SUSE Bug 1007739",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "self",
"summary": "SUSE Bug 1007740",
"url": "https://bugzilla.suse.com/1007740"
},
{
"category": "self",
"summary": "SUSE Bug 1007741",
"url": "https://bugzilla.suse.com/1007741"
},
{
"category": "self",
"summary": "SUSE Bug 1007742",
"url": "https://bugzilla.suse.com/1007742"
},
{
"category": "self",
"summary": "SUSE Bug 1007743",
"url": "https://bugzilla.suse.com/1007743"
},
{
"category": "self",
"summary": "SUSE Bug 1007744",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "self",
"summary": "SUSE Bug 1007747",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "self",
"summary": "SUSE Bug 1014543",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "self",
"summary": "SUSE Bug 1014975",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "self",
"summary": "SUSE Bug 999817",
"url": "https://bugzilla.suse.com/999817"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7445 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8332 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9112 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9113 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9114 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9115 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9116 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9117 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9118 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9572 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9573 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9580 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9581 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9581/"
}
],
"title": "Security update for openjpeg2",
"tracking": {
"current_release_date": "2016-12-27T10:28:49Z",
"generator": {
"date": "2016-12-27T10:28:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:3270-1",
"initial_release_date": "2016-12-27T10:28:49Z",
"revision_history": [
{
"date": "2016-12-27T10:28:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-3.1.aarch64",
"product": {
"name": "libopenjp2-7-2.1.0-3.1.aarch64",
"product_id": "libopenjp2-7-2.1.0-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-3.1.ppc64le",
"product": {
"name": "libopenjp2-7-2.1.0-3.1.ppc64le",
"product_id": "libopenjp2-7-2.1.0-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-3.1.s390x",
"product": {
"name": "libopenjp2-7-2.1.0-3.1.s390x",
"product_id": "libopenjp2-7-2.1.0-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-3.1.x86_64",
"product": {
"name": "libopenjp2-7-2.1.0-3.1.x86_64",
"product_id": "libopenjp2-7-2.1.0-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7445"
}
],
"notes": [
{
"category": "general",
"text": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7445",
"url": "https://www.suse.com/security/cve/CVE-2016-7445"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1015662"
},
{
"category": "external",
"summary": "SUSE Bug 999817 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/999817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "important"
}
],
"title": "CVE-2016-7445"
},
{
"cve": "CVE-2016-8332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8332"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8332",
"url": "https://www.suse.com/security/cve/CVE-2016-8332"
},
{
"category": "external",
"summary": "SUSE Bug 1002414 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1002414"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "important"
}
],
"title": "CVE-2016-8332"
},
{
"cve": "CVE-2016-9112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9112"
}
],
"notes": [
{
"category": "general",
"text": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9112",
"url": "https://www.suse.com/security/cve/CVE-2016-9112"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1015662"
},
{
"category": "external",
"summary": "SUSE Bug 1056396 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1056396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9112"
},
{
"cve": "CVE-2016-9113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9113"
}
],
"notes": [
{
"category": "general",
"text": "There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u003ecomps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9113",
"url": "https://www.suse.com/security/cve/CVE-2016-9113"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9113"
},
{
"cve": "CVE-2016-9114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9114"
}
],
"notes": [
{
"category": "general",
"text": "There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u003ecomps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9114",
"url": "https://www.suse.com/security/cve/CVE-2016-9114"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007740 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007740"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9114"
},
{
"cve": "CVE-2016-9115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9115"
}
],
"notes": [
{
"category": "general",
"text": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9115",
"url": "https://www.suse.com/security/cve/CVE-2016-9115"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007741 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007741"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9115"
},
{
"cve": "CVE-2016-9116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9116"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9116",
"url": "https://www.suse.com/security/cve/CVE-2016-9116"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007742 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007742"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9116"
},
{
"cve": "CVE-2016-9117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9117"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9117",
"url": "https://www.suse.com/security/cve/CVE-2016-9117"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007743 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007743"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9117"
},
{
"cve": "CVE-2016-9118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9118"
}
],
"notes": [
{
"category": "general",
"text": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9118",
"url": "https://www.suse.com/security/cve/CVE-2016-9118"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9118"
},
{
"cve": "CVE-2016-9572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9572"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9572",
"url": "https://www.suse.com/security/cve/CVE-2016-9572"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014543 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9572"
},
{
"cve": "CVE-2016-9573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9573"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9573",
"url": "https://www.suse.com/security/cve/CVE-2016-9573"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014543 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9573"
},
{
"cve": "CVE-2016-9580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9580"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9580",
"url": "https://www.suse.com/security/cve/CVE-2016-9580"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014975 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9580"
},
{
"cve": "CVE-2016-9581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9581"
}
],
"notes": [
{
"category": "general",
"text": "An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9581",
"url": "https://www.suse.com/security/cve/CVE-2016-9581"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014975 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9581"
}
]
}
GSD-2016-8332
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-8332",
"description": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
"id": "GSD-2016-8332",
"references": [
"https://www.suse.com/security/cve/CVE-2016-8332.html",
"https://www.debian.org/security/2017/dsa-3768",
"https://advisories.mageia.org/CVE-2016-8332.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-8332"
],
"details": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
"id": "GSD-2016-8332",
"modified": "2023-12-13T01:21:22.491427Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OPENJPEG",
"version": {
"version_data": [
{
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "OPENJPEG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3768",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3768"
},
{
"name": "93242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93242"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0193/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"
},
{
"name": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8332"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0193/",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"
},
{
"name": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"
},
{
"name": "93242",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/93242"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1038623"
},
{
"name": "DSA-3768",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2017/dsa-3768"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-04-19T20:15Z",
"publishedDate": "2016-10-28T14:59Z"
}
}
}
OPENSUSE-SU-2017:2567-1
Vulnerability from csaf_opensuse - Published: 2017-09-25 21:34 - Updated: 2017-09-25 21:34Summary
Security update for openjpeg2
Notes
Title of the patch
Security update for openjpeg2
Description of the patch
This update for openjpeg2 fixes the following issues:
* CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]
* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]
* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]
* CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]
* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]
* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747]
* CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]
* CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739]
* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]
* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414]
* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817]
* CVE 2016-7163: Integer Overflow could lead to remote code execution [bsc#997857]
* CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service [bsc#979907]
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patchnames
openSUSE-2017-1090
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openjpeg2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openjpeg2 fixes the following issues:\n\n* CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n* CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] \n* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] \n* CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n* CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] \n* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] \n* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] \n* CVE 2016-7163: Integer Overflow could lead to remote code execution [bsc#997857]\n* CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service [bsc#979907]\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2017-1090",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_2567-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2017:2567-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M/#AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2017:2567-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M/#AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M"
},
{
"category": "self",
"summary": "SUSE Bug 1002414",
"url": "https://bugzilla.suse.com/1002414"
},
{
"category": "self",
"summary": "SUSE Bug 1007739",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "self",
"summary": "SUSE Bug 1007740",
"url": "https://bugzilla.suse.com/1007740"
},
{
"category": "self",
"summary": "SUSE Bug 1007741",
"url": "https://bugzilla.suse.com/1007741"
},
{
"category": "self",
"summary": "SUSE Bug 1007742",
"url": "https://bugzilla.suse.com/1007742"
},
{
"category": "self",
"summary": "SUSE Bug 1007743",
"url": "https://bugzilla.suse.com/1007743"
},
{
"category": "self",
"summary": "SUSE Bug 1007744",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "self",
"summary": "SUSE Bug 1007747",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "self",
"summary": "SUSE Bug 1014543",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "self",
"summary": "SUSE Bug 1014975",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "self",
"summary": "SUSE Bug 979907",
"url": "https://bugzilla.suse.com/979907"
},
{
"category": "self",
"summary": "SUSE Bug 997857",
"url": "https://bugzilla.suse.com/997857"
},
{
"category": "self",
"summary": "SUSE Bug 999817",
"url": "https://bugzilla.suse.com/999817"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8871 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7163 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7445 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8332 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9112 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9113 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9114 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9115 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9116 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9117 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9118 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9572 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9573 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9580 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9581 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9581/"
}
],
"title": "Security update for openjpeg2",
"tracking": {
"current_release_date": "2017-09-25T21:34:20Z",
"generator": {
"date": "2017-09-25T21:34:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2017:2567-1",
"initial_release_date": "2017-09-25T21:34:20Z",
"revision_history": [
{
"date": "2017-09-25T21:34:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-6.1.aarch64",
"product": {
"name": "libopenjp2-7-2.1.0-6.1.aarch64",
"product_id": "libopenjp2-7-2.1.0-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-6.1.aarch64",
"product": {
"name": "openjpeg2-2.1.0-6.1.aarch64",
"product_id": "openjpeg2-2.1.0-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-6.1.aarch64",
"product": {
"name": "openjpeg2-devel-2.1.0-6.1.aarch64",
"product_id": "openjpeg2-devel-2.1.0-6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-6.1.ppc64le",
"product": {
"name": "libopenjp2-7-2.1.0-6.1.ppc64le",
"product_id": "libopenjp2-7-2.1.0-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-6.1.ppc64le",
"product": {
"name": "openjpeg2-2.1.0-6.1.ppc64le",
"product_id": "openjpeg2-2.1.0-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-6.1.ppc64le",
"product": {
"name": "openjpeg2-devel-2.1.0-6.1.ppc64le",
"product_id": "openjpeg2-devel-2.1.0-6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-6.1.s390x",
"product": {
"name": "libopenjp2-7-2.1.0-6.1.s390x",
"product_id": "libopenjp2-7-2.1.0-6.1.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-6.1.s390x",
"product": {
"name": "openjpeg2-2.1.0-6.1.s390x",
"product_id": "openjpeg2-2.1.0-6.1.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-6.1.s390x",
"product": {
"name": "openjpeg2-devel-2.1.0-6.1.s390x",
"product_id": "openjpeg2-devel-2.1.0-6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-6.1.x86_64",
"product": {
"name": "libopenjp2-7-2.1.0-6.1.x86_64",
"product_id": "libopenjp2-7-2.1.0-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-6.1.x86_64",
"product": {
"name": "openjpeg2-2.1.0-6.1.x86_64",
"product_id": "openjpeg2-2.1.0-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-6.1.x86_64",
"product": {
"name": "openjpeg2-devel-2.1.0-6.1.x86_64",
"product_id": "openjpeg2-devel-2.1.0-6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP1",
"product": {
"name": "SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64"
},
"product_reference": "openjpeg2-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le"
},
"product_reference": "openjpeg2-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x"
},
"product_reference": "openjpeg2-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64"
},
"product_reference": "openjpeg2-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64"
},
"product_reference": "openjpeg2-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le"
},
"product_reference": "openjpeg2-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x"
},
"product_reference": "openjpeg2-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64"
},
"product_reference": "openjpeg2-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8871"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8871",
"url": "https://www.suse.com/security/cve/CVE-2015-8871"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2015-8871",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2015-8871",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 979907 for CVE-2015-8871",
"url": "https://bugzilla.suse.com/979907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2015-8871"
},
{
"cve": "CVE-2016-7163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7163"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7163",
"url": "https://www.suse.com/security/cve/CVE-2016-7163"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-7163",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-7163",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 997857 for CVE-2016-7163",
"url": "https://bugzilla.suse.com/997857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "critical"
}
],
"title": "CVE-2016-7163"
},
{
"cve": "CVE-2016-7445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7445"
}
],
"notes": [
{
"category": "general",
"text": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7445",
"url": "https://www.suse.com/security/cve/CVE-2016-7445"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1015662"
},
{
"category": "external",
"summary": "SUSE Bug 999817 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/999817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "important"
}
],
"title": "CVE-2016-7445"
},
{
"cve": "CVE-2016-8332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8332"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8332",
"url": "https://www.suse.com/security/cve/CVE-2016-8332"
},
{
"category": "external",
"summary": "SUSE Bug 1002414 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1002414"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "important"
}
],
"title": "CVE-2016-8332"
},
{
"cve": "CVE-2016-9112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9112"
}
],
"notes": [
{
"category": "general",
"text": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9112",
"url": "https://www.suse.com/security/cve/CVE-2016-9112"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1015662"
},
{
"category": "external",
"summary": "SUSE Bug 1056396 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1056396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9112"
},
{
"cve": "CVE-2016-9113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9113"
}
],
"notes": [
{
"category": "general",
"text": "There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u003ecomps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9113",
"url": "https://www.suse.com/security/cve/CVE-2016-9113"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9113"
},
{
"cve": "CVE-2016-9114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9114"
}
],
"notes": [
{
"category": "general",
"text": "There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u003ecomps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9114",
"url": "https://www.suse.com/security/cve/CVE-2016-9114"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007740 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007740"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9114"
},
{
"cve": "CVE-2016-9115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9115"
}
],
"notes": [
{
"category": "general",
"text": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9115",
"url": "https://www.suse.com/security/cve/CVE-2016-9115"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007741 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007741"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9115"
},
{
"cve": "CVE-2016-9116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9116"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9116",
"url": "https://www.suse.com/security/cve/CVE-2016-9116"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007742 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007742"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9116"
},
{
"cve": "CVE-2016-9117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9117"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9117",
"url": "https://www.suse.com/security/cve/CVE-2016-9117"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007743 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007743"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9117"
},
{
"cve": "CVE-2016-9118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9118"
}
],
"notes": [
{
"category": "general",
"text": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9118",
"url": "https://www.suse.com/security/cve/CVE-2016-9118"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9118"
},
{
"cve": "CVE-2016-9572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9572"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9572",
"url": "https://www.suse.com/security/cve/CVE-2016-9572"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014543 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9572"
},
{
"cve": "CVE-2016-9573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9573"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9573",
"url": "https://www.suse.com/security/cve/CVE-2016-9573"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014543 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9573"
},
{
"cve": "CVE-2016-9580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9580"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9580",
"url": "https://www.suse.com/security/cve/CVE-2016-9580"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014975 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9580"
},
{
"cve": "CVE-2016-9581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9581"
}
],
"notes": [
{
"category": "general",
"text": "An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9581",
"url": "https://www.suse.com/security/cve/CVE-2016-9581"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014975 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9581"
}
]
}
OPENSUSE-SU-2024:11120-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libopenjp2-7-2.4.0-1.4 on GA media
Notes
Title of the patch
libopenjp2-7-2.4.0-1.4 on GA media
Description of the patch
These are all security issues fixed in the libopenjp2-7-2.4.0-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11120
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libopenjp2-7-2.4.0-1.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libopenjp2-7-2.4.0-1.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11120",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11120-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10504 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10505 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10506 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5139 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5152 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5158 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8332 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12982 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14039 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14040 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14041 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14151 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14152 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14423 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16375 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18088 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5727 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5785 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6616 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7648 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12973 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6851 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8112 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8112/"
}
],
"title": "libopenjp2-7-2.4.0-1.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11120-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.aarch64",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.aarch64",
"product_id": "libopenjp2-7-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.aarch64",
"product": {
"name": "openjpeg2-2.4.0-1.4.aarch64",
"product_id": "openjpeg2-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.aarch64",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.aarch64",
"product_id": "openjpeg2-devel-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.ppc64le",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.ppc64le",
"product_id": "libopenjp2-7-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.ppc64le",
"product": {
"name": "openjpeg2-2.4.0-1.4.ppc64le",
"product_id": "openjpeg2-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.ppc64le",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.ppc64le",
"product_id": "openjpeg2-devel-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.s390x",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.s390x",
"product_id": "libopenjp2-7-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.s390x",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.s390x",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.s390x",
"product": {
"name": "openjpeg2-2.4.0-1.4.s390x",
"product_id": "openjpeg2-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.s390x",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.s390x",
"product_id": "openjpeg2-devel-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.s390x",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.s390x",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.x86_64",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.x86_64",
"product_id": "libopenjp2-7-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.x86_64",
"product": {
"name": "openjpeg2-2.4.0-1.4.x86_64",
"product_id": "openjpeg2-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.x86_64",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.x86_64",
"product_id": "openjpeg2-devel-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.x86_64",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.x86_64",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64"
},
"product_reference": "openjpeg2-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le"
},
"product_reference": "openjpeg2-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x"
},
"product_reference": "openjpeg2-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64"
},
"product_reference": "openjpeg2-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10504"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10504",
"url": "https://www.suse.com/security/cve/CVE-2016-10504"
},
{
"category": "external",
"summary": "SUSE Bug 1056351 for CVE-2016-10504",
"url": "https://bugzilla.suse.com/1056351"
},
{
"category": "external",
"summary": "SUSE Bug 1179594 for CVE-2016-10504",
"url": "https://bugzilla.suse.com/1179594"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-10504"
},
{
"cve": "CVE-2016-10505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10505"
}
],
"notes": [
{
"category": "general",
"text": "NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10505",
"url": "https://www.suse.com/security/cve/CVE-2016-10505"
},
{
"category": "external",
"summary": "SUSE Bug 1056363 for CVE-2016-10505",
"url": "https://bugzilla.suse.com/1056363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-10505"
},
{
"cve": "CVE-2016-10506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10506"
}
],
"notes": [
{
"category": "general",
"text": "Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10506",
"url": "https://www.suse.com/security/cve/CVE-2016-10506"
},
{
"category": "external",
"summary": "SUSE Bug 1056396 for CVE-2016-10506",
"url": "https://bugzilla.suse.com/1056396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-10506"
},
{
"cve": "CVE-2016-5139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5139"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5139",
"url": "https://www.suse.com/security/cve/CVE-2016-5139"
},
{
"category": "external",
"summary": "SUSE Bug 992305 for CVE-2016-5139",
"url": "https://bugzilla.suse.com/992305"
},
{
"category": "external",
"summary": "SUSE Bug 992311 for CVE-2016-5139",
"url": "https://bugzilla.suse.com/992311"
},
{
"category": "external",
"summary": "SUSE Bug 992325 for CVE-2016-5139",
"url": "https://bugzilla.suse.com/992325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5139"
},
{
"cve": "CVE-2016-5152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5152"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5152",
"url": "https://www.suse.com/security/cve/CVE-2016-5152"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5152",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-5152"
},
{
"cve": "CVE-2016-5158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5158"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5158",
"url": "https://www.suse.com/security/cve/CVE-2016-5158"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5158",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-5158"
},
{
"cve": "CVE-2016-8332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8332"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8332",
"url": "https://www.suse.com/security/cve/CVE-2016-8332"
},
{
"category": "external",
"summary": "SUSE Bug 1002414 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1002414"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-8332"
},
{
"cve": "CVE-2017-12982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12982"
}
],
"notes": [
{
"category": "general",
"text": "The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12982",
"url": "https://www.suse.com/security/cve/CVE-2017-12982"
},
{
"category": "external",
"summary": "SUSE Bug 1054696 for CVE-2017-12982",
"url": "https://bugzilla.suse.com/1054696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12982"
},
{
"cve": "CVE-2017-14039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14039"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14039",
"url": "https://www.suse.com/security/cve/CVE-2017-14039"
},
{
"category": "external",
"summary": "SUSE Bug 1056622 for CVE-2017-14039",
"url": "https://bugzilla.suse.com/1056622"
},
{
"category": "external",
"summary": "SUSE Bug 1057511 for CVE-2017-14039",
"url": "https://bugzilla.suse.com/1057511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14039"
},
{
"cve": "CVE-2017-14040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14040"
}
],
"notes": [
{
"category": "general",
"text": "An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14040",
"url": "https://www.suse.com/security/cve/CVE-2017-14040"
},
{
"category": "external",
"summary": "SUSE Bug 1056621 for CVE-2017-14040",
"url": "https://bugzilla.suse.com/1056621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14040"
},
{
"cve": "CVE-2017-14041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14041"
}
],
"notes": [
{
"category": "general",
"text": "A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14041",
"url": "https://www.suse.com/security/cve/CVE-2017-14041"
},
{
"category": "external",
"summary": "SUSE Bug 1056562 for CVE-2017-14041",
"url": "https://bugzilla.suse.com/1056562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14041"
},
{
"cve": "CVE-2017-14151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14151"
}
],
"notes": [
{
"category": "general",
"text": "An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14151",
"url": "https://www.suse.com/security/cve/CVE-2017-14151"
},
{
"category": "external",
"summary": "SUSE Bug 1057336 for CVE-2017-14151",
"url": "https://bugzilla.suse.com/1057336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-14151"
},
{
"cve": "CVE-2017-14152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14152"
}
],
"notes": [
{
"category": "general",
"text": "A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14152",
"url": "https://www.suse.com/security/cve/CVE-2017-14152"
},
{
"category": "external",
"summary": "SUSE Bug 1057335 for CVE-2017-14152",
"url": "https://bugzilla.suse.com/1057335"
},
{
"category": "external",
"summary": "SUSE Bug 1057511 for CVE-2017-14152",
"url": "https://bugzilla.suse.com/1057511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-14152"
},
{
"cve": "CVE-2018-14423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14423"
}
],
"notes": [
{
"category": "general",
"text": "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14423",
"url": "https://www.suse.com/security/cve/CVE-2018-14423"
},
{
"category": "external",
"summary": "SUSE Bug 1102016 for CVE-2018-14423",
"url": "https://bugzilla.suse.com/1102016"
},
{
"category": "external",
"summary": "SUSE Bug 1140130 for CVE-2018-14423",
"url": "https://bugzilla.suse.com/1140130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-14423"
},
{
"cve": "CVE-2018-16375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16375"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16375",
"url": "https://www.suse.com/security/cve/CVE-2018-16375"
},
{
"category": "external",
"summary": "SUSE Bug 1106882 for CVE-2018-16375",
"url": "https://bugzilla.suse.com/1106882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16375"
},
{
"cve": "CVE-2018-18088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18088"
}
],
"notes": [
{
"category": "general",
"text": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18088",
"url": "https://www.suse.com/security/cve/CVE-2018-18088"
},
{
"category": "external",
"summary": "SUSE Bug 1111638 for CVE-2018-18088",
"url": "https://bugzilla.suse.com/1111638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-18088"
},
{
"cve": "CVE-2018-5727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5727"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5727",
"url": "https://www.suse.com/security/cve/CVE-2018-5727"
},
{
"category": "external",
"summary": "SUSE Bug 1076314 for CVE-2018-5727",
"url": "https://bugzilla.suse.com/1076314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5727"
},
{
"cve": "CVE-2018-5785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5785"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5785",
"url": "https://www.suse.com/security/cve/CVE-2018-5785"
},
{
"category": "external",
"summary": "SUSE Bug 1076967 for CVE-2018-5785",
"url": "https://bugzilla.suse.com/1076967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-5785"
},
{
"cve": "CVE-2018-6616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6616"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6616",
"url": "https://www.suse.com/security/cve/CVE-2018-6616"
},
{
"category": "external",
"summary": "SUSE Bug 1079845 for CVE-2018-6616",
"url": "https://bugzilla.suse.com/1079845"
},
{
"category": "external",
"summary": "SUSE Bug 1140359 for CVE-2018-6616",
"url": "https://bugzilla.suse.com/1140359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-6616"
},
{
"cve": "CVE-2018-7648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7648"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7648",
"url": "https://www.suse.com/security/cve/CVE-2018-7648"
},
{
"category": "external",
"summary": "SUSE Bug 1083901 for CVE-2018-7648",
"url": "https://bugzilla.suse.com/1083901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7648"
},
{
"cve": "CVE-2019-12973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12973"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12973",
"url": "https://www.suse.com/security/cve/CVE-2019-12973"
},
{
"category": "external",
"summary": "SUSE Bug 1140359 for CVE-2019-12973",
"url": "https://bugzilla.suse.com/1140359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12973"
},
{
"cve": "CVE-2020-6851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6851"
}
],
"notes": [
{
"category": "general",
"text": "OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6851",
"url": "https://www.suse.com/security/cve/CVE-2020-6851"
},
{
"category": "external",
"summary": "SUSE Bug 1160782 for CVE-2020-6851",
"url": "https://bugzilla.suse.com/1160782"
},
{
"category": "external",
"summary": "SUSE Bug 1162090 for CVE-2020-6851",
"url": "https://bugzilla.suse.com/1162090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6851"
},
{
"cve": "CVE-2020-8112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8112"
}
],
"notes": [
{
"category": "general",
"text": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8112",
"url": "https://www.suse.com/security/cve/CVE-2020-8112"
},
{
"category": "external",
"summary": "SUSE Bug 1162090 for CVE-2020-8112",
"url": "https://bugzilla.suse.com/1162090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-8112"
}
]
}
GHSA-QXQH-JJHC-4WFG
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2025-04-12 13:06
VLAI?
Details
A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2016-8332"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-10-28T14:59:00Z",
"severity": "HIGH"
},
"details": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
"id": "GHSA-qxqh-jjhc-4wfg",
"modified": "2025-04-12T13:06:05Z",
"published": "2022-05-13T01:01:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8332"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3768"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93242"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038623"
},
{
"type": "WEB",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0193"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…