Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-8112 (GCVE-0-2020-8112)
Vulnerability from cvelistv5 – Published: 2020-01-28 17:22 – Updated: 2024-08-04 09:48
VLAI?
EPSS
Summary
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2020:0550 | vendor-advisoryx_refsource_REDHAT |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://access.redhat.com/errata/RHSA-2020:0570 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0569 | vendor-advisoryx_refsource_REDHAT |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://access.redhat.com/errata/RHSA-2020:0694 | vendor-advisoryx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC |
| https://github.com/uclouvain/openjpeg/issues/1231 | x_refsource_MISC |
| https://www.debian.org/security/2021/dsa-4882 | vendor-advisoryx_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2089-1] openjpeg2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html"
},
{
"name": "RHSA-2020:0550",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0550"
},
{
"name": "FEDORA-2020-ad63f760f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/"
},
{
"name": "RHSA-2020:0570",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0570"
},
{
"name": "RHSA-2020:0569",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0569"
},
{
"name": "FEDORA-2020-8193c0aa68",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/"
},
{
"name": "RHSA-2020:0694",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2277-1] openjpeg2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1231"
},
{
"name": "DSA-4882",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4882"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-02T11:07:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2089-1] openjpeg2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html"
},
{
"name": "RHSA-2020:0550",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0550"
},
{
"name": "FEDORA-2020-ad63f760f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/"
},
{
"name": "RHSA-2020:0570",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0570"
},
{
"name": "RHSA-2020:0569",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0569"
},
{
"name": "FEDORA-2020-8193c0aa68",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/"
},
{
"name": "RHSA-2020:0694",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2277-1] openjpeg2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1231"
},
{
"name": "DSA-4882",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4882"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2089-1] openjpeg2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html"
},
{
"name": "RHSA-2020:0550",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0550"
},
{
"name": "FEDORA-2020-ad63f760f4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/"
},
{
"name": "RHSA-2020:0570",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0570"
},
{
"name": "RHSA-2020:0569",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0569"
},
{
"name": "FEDORA-2020-8193c0aa68",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/"
},
{
"name": "RHSA-2020:0694",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2277-1] openjpeg2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/1231",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/1231"
},
{
"name": "DSA-4882",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4882"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8112",
"datePublished": "2020-01-28T17:22:42.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:25.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-8112",
"date": "2026-05-19",
"epss": "0.01793",
"percentile": "0.82973"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:uclouvain:openjpeg:2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22C33617-4369-4A1B-9C49-27BAE05D8BAE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n opj_t1_clbl_decode_processor en el archivo openjp2/t1.c en OpenJPEG versi\\u00f3n 2.3.1 hasta el 28-01-2020, presenta un desbordamiento del b\\u00fafer en la regi\\u00f3n heap de la memoria en el caso qmfbid==1, un problema diferente de CVE-2020-6851.\"}]",
"id": "CVE-2020-8112",
"lastModified": "2024-11-21T05:38:19.027",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-01-28T18:15:11.743",
"references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2020:0550\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0569\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0570\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0694\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/uclouvain/openjpeg/issues/1231\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2021/dsa-4882\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0550\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0569\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0570\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0694\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/uclouvain/openjpeg/issues/1231\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2021/dsa-4882\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-8112\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-01-28T18:15:11.743\",\"lastModified\":\"2024-11-21T05:38:19.027\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n opj_t1_clbl_decode_processor en el archivo openjp2/t1.c en OpenJPEG versi\u00f3n 2.3.1 hasta el 28-01-2020, presenta un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en el caso qmfbid==1, un problema diferente de CVE-2020-6851.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:uclouvain:openjpeg:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22C33617-4369-4A1B-9C49-27BAE05D8BAE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0550\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0569\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0570\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0694\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/uclouvain/openjpeg/issues/1231\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2021/dsa-4882\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0550\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0569\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0570\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0694\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/uclouvain/openjpeg/issues/1231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2021/dsa-4882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2020-AVI-433
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Les CVE suivantes sont référencées mais l'éditeur indique qu'elles ne sont pas exploitables : CVE-2018-18314, CVE-2019-10086, CVE-2019-13990, CVE-2019-16943.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Database Server | Oracle Database Server version 11.2.0.4 sans le dernier correctif | ||
| Oracle | Database Server | Oracle Application Express de Oracle Database Server versions 5.1 à 19.2 sans le dernier correctif | ||
| Oracle | Database Server | Oracle Database Server version 12.1.0.2 sans le dernier correctif | ||
| Oracle | Database Server | Oracle Database Server version 19c sans le dernier correctif | ||
| Oracle | Database Server | Oracle Database Server version 18c sans le dernier correctif | ||
| Oracle | Database Server | Oracle Database Server version 12.2.0.1 sans le dernier correctif |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database Server version 11.2.0.4 sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Express de Oracle Database Server versions 5.1 \u00e0 19.2 sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server version 12.1.0.2 sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server version 19c sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server version 18c sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server version 12.2.0.1 sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2975"
},
{
"name": "CVE-2020-2969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2969"
},
{
"name": "CVE-2020-2973",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2973"
},
{
"name": "CVE-2019-13990",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13990"
},
{
"name": "CVE-2020-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2513"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2020-2974",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2974"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2018-18314",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18314"
},
{
"name": "CVE-2020-8112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8112"
},
{
"name": "CVE-2020-2971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2971"
},
{
"name": "CVE-2020-2972",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2972"
},
{
"name": "CVE-2020-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2976"
},
{
"name": "CVE-2016-1000031",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000031"
},
{
"name": "CVE-2019-17569",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17569"
},
{
"name": "CVE-2020-2978",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2978"
},
{
"name": "CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"name": "CVE-2020-2977",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2977"
},
{
"name": "CVE-2020-2968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2968"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-433",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nLes CVE suivantes sont r\u00e9f\u00e9renc\u00e9es mais l\u0027\u00e9diteur indique qu\u0027elles ne\nsont pas exploitables : CVE-2018-18314, CVE-2019-10086, CVE-2019-13990,\nCVE-2019-16943.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle d\u00e9taill\u00e9 cpujul2020 du 14 juillet 2020",
"url": "https://www.oracle.com/security-alerts/cpujul2020verbose.html#DB"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2020 du 14 juillet 2020",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
]
}
CERTFR-2020-AVI-433
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Les CVE suivantes sont référencées mais l'éditeur indique qu'elles ne sont pas exploitables : CVE-2018-18314, CVE-2019-10086, CVE-2019-13990, CVE-2019-16943.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Database Server | Oracle Database Server version 11.2.0.4 sans le dernier correctif | ||
| Oracle | Database Server | Oracle Application Express de Oracle Database Server versions 5.1 à 19.2 sans le dernier correctif | ||
| Oracle | Database Server | Oracle Database Server version 12.1.0.2 sans le dernier correctif | ||
| Oracle | Database Server | Oracle Database Server version 19c sans le dernier correctif | ||
| Oracle | Database Server | Oracle Database Server version 18c sans le dernier correctif | ||
| Oracle | Database Server | Oracle Database Server version 12.2.0.1 sans le dernier correctif |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database Server version 11.2.0.4 sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Express de Oracle Database Server versions 5.1 \u00e0 19.2 sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server version 12.1.0.2 sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server version 19c sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server version 18c sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server version 12.2.0.1 sans le dernier correctif",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2975"
},
{
"name": "CVE-2020-2969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2969"
},
{
"name": "CVE-2020-2973",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2973"
},
{
"name": "CVE-2019-13990",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13990"
},
{
"name": "CVE-2020-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2513"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2020-2974",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2974"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2018-18314",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18314"
},
{
"name": "CVE-2020-8112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8112"
},
{
"name": "CVE-2020-2971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2971"
},
{
"name": "CVE-2020-2972",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2972"
},
{
"name": "CVE-2020-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2976"
},
{
"name": "CVE-2016-1000031",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000031"
},
{
"name": "CVE-2019-17569",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17569"
},
{
"name": "CVE-2020-2978",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2978"
},
{
"name": "CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"name": "CVE-2020-2977",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2977"
},
{
"name": "CVE-2020-2968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2968"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-433",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nLes CVE suivantes sont r\u00e9f\u00e9renc\u00e9es mais l\u0027\u00e9diteur indique qu\u0027elles ne\nsont pas exploitables : CVE-2018-18314, CVE-2019-10086, CVE-2019-13990,\nCVE-2019-16943.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle d\u00e9taill\u00e9 cpujul2020 du 14 juillet 2020",
"url": "https://www.oracle.com/security-alerts/cpujul2020verbose.html#DB"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2020 du 14 juillet 2020",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
]
}
BDU:2020-02869
Vulnerability from fstec - Published: 29.01.2020
VLAI Severity ?
Title
Уязвимость функции opj_t1_clbl_decode_processor (openjp2/t1.c) библиотеки для кодирования и декодирования изображений OpenJPEG, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации
Description
Уязвимость функции opj_t1_clbl_decode_processor (openjp2/t1.c) библиотеки для кодирования и декодирования изображений OpenJPEG связана с записью за границами буфера в памяти (в случае qmfbid == 1). Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать влияние на конфиденциальность, целостность и доступность защищаемой информации
Severity ?
Vendor
Red Hat Inc., ООО «РусБИТех-Астра», Fedora Project, Сообщество свободного программного обеспечения, АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Red Hat Enterprise Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), Fedora, Debian GNU/Linux, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), OpenJPEG, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
7 (Red Hat Enterprise Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 2.12 «Орёл» (Astra Linux Common Edition), 8 (Red Hat Enterprise Linux), 30 (Fedora), 8 (Debian GNU/Linux), 31 (Fedora), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), от 2.3.1 до 2020-01-28 (OpenJPEG), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для OpenJPEG:
https://github.com/uclouvain/openjpeg/issues/1231
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2020-8112
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/
Для Debian GNU/Linux:
https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html
Для Astra Linux:
Обновление программного обеспечения (пакета openjpeg2) до 2.1.2-1.1+deb9u5 или более поздней версии
И использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
Для ОСОН Основа:
Обновление программного обеспечения openjpeg2 до версии 2.3.0-2+deb10u2.osnova1
Для ОС ОН «Стрелец»:
Обновление программного обеспечения openjpeg2 до версии 2.3.0-2+deb10u2.osnova1
Для ОС Astra Linux 1.6 «Смоленск»:
обновить пакет openjpeg2 до 2.1.2-1.1+deb9u6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
Reference
https://access.redhat.com/security/cve/CVE-2020-8112
https://github.com/uclouvain/openjpeg/issues/1231
https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/
https://nvd.nist.gov/vuln/detail/CVE-2020-8112
https://security-tracker.debian.org/tracker/CVE-2020-8112
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
CWE
CWE-787
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 8 (Red Hat Enterprise Linux), 30 (Fedora), 8 (Debian GNU/Linux), 31 (Fedora), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), \u043e\u0442 2.3.1 \u0434\u043e 2020-01-28 (OpenJPEG), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f OpenJPEG:\nhttps://github.com/uclouvain/openjpeg/issues/1231\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2020-8112\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2020/01/msg00035.html\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 openjpeg2) \u0434\u043e 2.1.2-1.1+deb9u5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0418 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f openjpeg2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.3.0-2+deb10u2.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f openjpeg2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.3.0-2+deb10u2.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 openjpeg2 \u0434\u043e 2.1.2-1.1+deb9u6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.01.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.06.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02869",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-8112",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Fedora, Debian GNU/Linux, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), OpenJPEG, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 IA-32, Red Hat Inc. Red Hat Enterprise Linux 7 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Red Hat Inc. Red Hat Enterprise Linux 8 , Fedora Project Fedora 30 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Fedora Project Fedora 31 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Red Hat Inc. Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 opj_t1_clbl_decode_processor (openjp2/t1.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 OpenJPEG, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 opj_t1_clbl_decode_processor (openjp2/t1.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 OpenJPEG \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (\u0432 \u0441\u043b\u0443\u0447\u0430\u0435 qmfbid == 1). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/CVE-2020-8112\nhttps://github.com/uclouvain/openjpeg/issues/1231\nhttps://lists.debian.org/debian-lts-announce/2020/01/msg00035.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8112\nhttps://security-tracker.debian.org/tracker/CVE-2020-8112\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
BDU:2020-03622
Vulnerability from fstec - Published: 28.01.2020
VLAI Severity ?
Title
Уязвимость функции opj_t1_clbl_decode_processor библиотеки для кодирования и декодирования изображений OpenJPEG, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции opj_t1_clbl_decode_processor библиотеки для кодирования и декодирования изображений OpenJPEG связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity ?
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, Oracle Corp., ООО «РусБИТех-Астра», АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, Outside In Technology, Astra Linux Common Edition (запись в едином реестре российских программ №4433), Database Server, OpenJPEG, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 8.5.4 (Outside In Technology), 2.12 «Орёл» (Astra Linux Common Edition), 8 (Red Hat Enterprise Linux), 18c (Database Server), 8 (Debian GNU/Linux), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.5.5 (Outside In Technology), 2.3.1 (OpenJPEG), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для OpenJPEG:
https://github.com/uclouvain/openjpeg/issues/1231
Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpujul2020.html
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2020-8112
Для Debian GNU/Linux:
https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html
Для Astra Linux:
Обновление программного обеспечения (пакета openjpeg2) до 2.1.2-1.1+deb9u5 или более поздней версии
Для ОСОН Основа:
Обновление программного обеспечения openjpeg2 до версии 2.3.0-2+deb10u2.osnova1
Для ОС ОН «Стрелец»:
Обновление программного обеспечения openjpeg2 до версии 2.3.0-2+deb10u2.osnova1
Reference
https://access.redhat.com/errata/RHSA-2020:0550
https://access.redhat.com/errata/RHSA-2020:0569
https://access.redhat.com/errata/RHSA-2020:0570
https://access.redhat.com/errata/RHSA-2020:0694
https://github.com/uclouvain/openjpeg/issues/1231
https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/
https://www.oracle.com/security-alerts/cpujul2020.html
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-787
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Oracle Corp., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 8.5.4 (Outside In Technology), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 8 (Red Hat Enterprise Linux), 18c (Database Server), 8 (Debian GNU/Linux), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.5.5 (Outside In Technology), 2.3.1 (OpenJPEG), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f OpenJPEG:\nhttps://github.com/uclouvain/openjpeg/issues/1231\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpujul2020.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2020-8112\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2020/01/msg00035.html \nhttps://lists.debian.org/debian-lts-announce/2020/07/msg00008.html\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 openjpeg2) \u0434\u043e 2.1.2-1.1+deb9u5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f openjpeg2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.3.0-2+deb10u2.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f openjpeg2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.3.0-2+deb10u2.osnova1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.01.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "31.07.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-03622",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-8112",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Outside In Technology, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Database Server, OpenJPEG, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Red Hat Inc. Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 opj_t1_clbl_decode_processor \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 OpenJPEG, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 opj_t1_clbl_decode_processor \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 OpenJPEG \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/errata/RHSA-2020:0550 \nhttps://access.redhat.com/errata/RHSA-2020:0569 \nhttps://access.redhat.com/errata/RHSA-2020:0570 \nhttps://access.redhat.com/errata/RHSA-2020:0694 \nhttps://github.com/uclouvain/openjpeg/issues/1231 \nhttps://lists.debian.org/debian-lts-announce/2020/01/msg00035.html \nhttps://lists.debian.org/debian-lts-announce/2020/07/msg00008.html \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/ \nhttps://www.oracle.com/security-alerts/cpujul2020.html\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0423\u0411\u0414",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CNVD-2020-33736
Vulnerability from cnvd - Published: 2020-06-20
VLAI Severity ?
Title
OpenJPEG缓冲区溢出漏洞(CNVD-2020-33736)
Description
OpenJPEG是一款基于C语言的开源JPEG2000编码解码器。
OpenJPEG 2.3.1版本中openjp2/t1.c文件中的opj_t1_clbl_decode_processor存在缓冲区溢出漏洞,该漏洞源于程序未能正确检查边界。远程攻击者可借助特制文件利用该漏洞在系统上执行任意代码,或者导致应用程序崩溃。
Severity
低
Patch Name
OpenJPEG缓冲区溢出漏洞(CNVD-2020-33736)的补丁
Patch Description
OpenJPEG是一款基于C语言的开源JPEG2000编码解码器。
OpenJPEG 2.3.1版本中openjp2/t1.c文件中的opj_t1_clbl_decode_processor存在缓冲区溢出漏洞,该漏洞源于程序未能正确检查边界。远程攻击者可借助特制文件利用该漏洞在系统上执行任意代码,或者导致应用程序崩溃。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/rouault/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074
Reference
https://github.com/uclouvain/openjpeg/issues/1231
Impacted products
| Name | OpenJPEG OpenJPEG 2.3.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-8112",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-8112"
}
},
"description": "OpenJPEG\u662f\u4e00\u6b3e\u57fa\u4e8eC\u8bed\u8a00\u7684\u5f00\u6e90JPEG2000\u7f16\u7801\u89e3\u7801\u5668\u3002\n\nOpenJPEG 2.3.1\u7248\u672c\u4e2dopenjp2/t1.c\u6587\u4ef6\u4e2d\u7684opj_t1_clbl_decode_processor\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u68c0\u67e5\u8fb9\u754c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u6216\u8005\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/rouault/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-33736",
"openTime": "2020-06-20",
"patchDescription": "OpenJPEG\u662f\u4e00\u6b3e\u57fa\u4e8eC\u8bed\u8a00\u7684\u5f00\u6e90JPEG2000\u7f16\u7801\u89e3\u7801\u5668\u3002\r\n\r\nOpenJPEG 2.3.1\u7248\u672c\u4e2dopenjp2/t1.c\u6587\u4ef6\u4e2d\u7684opj_t1_clbl_decode_processor\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u68c0\u67e5\u8fb9\u754c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u6216\u8005\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "OpenJPEG\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-33736\uff09\u7684\u8865\u4e01",
"products": {
"product": "OpenJPEG OpenJPEG 2.3.1"
},
"referenceLink": "https://github.com/uclouvain/openjpeg/issues/1231",
"serverity": "\u4f4e",
"submitTime": "2020-02-12",
"title": "OpenJPEG\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-33736\uff09"
}
FKIE_CVE-2020-8112
Vulnerability from fkie_nvd - Published: 2020-01-28 18:15 - Updated: 2024-11-21 05:38
Severity ?
Summary
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uclouvain | openjpeg | 2.3.1 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uclouvain:openjpeg:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22C33617-4369-4A1B-9C49-27BAE05D8BAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851."
},
{
"lang": "es",
"value": "La funci\u00f3n opj_t1_clbl_decode_processor en el archivo openjp2/t1.c en OpenJPEG versi\u00f3n 2.3.1 hasta el 28-01-2020, presenta un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en el caso qmfbid==1, un problema diferente de CVE-2020-6851."
}
],
"id": "CVE-2020-8112",
"lastModified": "2024-11-21T05:38:19.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-28T18:15:11.743",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0550"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0569"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0570"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1231"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2021/dsa-4882"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2021/dsa-4882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-G38X-2W55-FMR9
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-05-24 17:07
VLAI?
Details
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
{
"affected": [],
"aliases": [
"CVE-2020-8112"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-28T18:15:00Z",
"severity": "MODERATE"
},
"details": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.",
"id": "GHSA-g38x-2w55-fmr9",
"modified": "2022-05-24T17:07:38Z",
"published": "2022-05-24T17:07:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8112"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/1231"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0550"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0569"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0570"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4882"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2020-8112
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-8112",
"description": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.",
"id": "GSD-2020-8112",
"references": [
"https://www.suse.com/security/cve/CVE-2020-8112.html",
"https://www.debian.org/security/2021/dsa-4882",
"https://access.redhat.com/errata/RHSA-2020:0570",
"https://access.redhat.com/errata/RHSA-2020:0569",
"https://access.redhat.com/errata/RHSA-2020:0550",
"https://ubuntu.com/security/CVE-2020-8112",
"https://advisories.mageia.org/CVE-2020-8112.html",
"https://security.archlinux.org/CVE-2020-8112",
"https://linux.oracle.com/cve/CVE-2020-8112.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-8112"
],
"details": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.",
"id": "GSD-2020-8112",
"modified": "2023-12-13T01:21:53.466312Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2089-1] openjpeg2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html"
},
{
"name": "RHSA-2020:0550",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0550"
},
{
"name": "FEDORA-2020-ad63f760f4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/"
},
{
"name": "RHSA-2020:0570",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0570"
},
{
"name": "RHSA-2020:0569",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0569"
},
{
"name": "FEDORA-2020-8193c0aa68",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/"
},
{
"name": "RHSA-2020:0694",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2277-1] openjpeg2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/1231",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/1231"
},
{
"name": "DSA-4882",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4882"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "=2.3.1",
"affected_versions": "Version 2.3.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-787",
"CWE-937"
],
"date": "2021-04-02",
"description": "`opj_t1_clbl_decode_processor` in `openjp2/t1.c` in OpenJPEG has a heap-based buffer overflow in the `qmfbid==1` case, a different issue than CVE-2020-6851.",
"fixed_versions": [
"2.4.0"
],
"identifier": "CVE-2020-8112",
"identifiers": [
"CVE-2020-8112"
],
"not_impacted": "All versions before 2.3.1, all versions after 2.3.1",
"package_slug": "conan/openjpeg",
"pubdate": "2020-01-28",
"solution": "Upgrade to version 2.4.0 or above.",
"title": "Out-of-bounds Write",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8112"
],
"uuid": "96933de2-00ca-4ba2-a38c-6e059ea7afc8"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8112"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/uclouvain/openjpeg/issues/1231",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1231"
},
{
"name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2089-1] openjpeg2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html"
},
{
"name": "RHSA-2020:0550",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2020:0550"
},
{
"name": "FEDORA-2020-ad63f760f4",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFEVEKETJV7GOXD5RDWL35ESEDHC663E/"
},
{
"name": "RHSA-2020:0569",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2020:0569"
},
{
"name": "RHSA-2020:0570",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2020:0570"
},
{
"name": "FEDORA-2020-8193c0aa68",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/"
},
{
"name": "RHSA-2020:0694",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2277-1] openjpeg2 security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "DSA-4882",
"refsource": "DEBIAN",
"tags": [],
"url": "https://www.debian.org/security/2021/dsa-4882"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-04-02T12:15Z",
"publishedDate": "2020-01-28T18:15Z"
}
}
}
MSRC_CVE-2020-8112
Vulnerability from csaf_microsoft - Published: 2020-01-02 00:00 - Updated: 2024-07-23 00:00Summary
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case a different issue than CVE-2020-6851.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2020/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2020/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2020-8112 opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case a different issue than CVE-2020-6851. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2020/msrc_cve-2020-8112.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case a different issue than CVE-2020-6851.",
"tracking": {
"current_release_date": "2024-07-23T00:00:00.000Z",
"generator": {
"date": "2025-10-19T17:48:43.722Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2020-8112",
"initial_release_date": "2020-01-02T00:00:00.000Z",
"revision_history": [
{
"date": "2024-07-23T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 openjpeg2 2.3.1-12",
"product": {
"name": "\u003cazl3 openjpeg2 2.3.1-12",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 openjpeg2 2.3.1-12",
"product": {
"name": "azl3 openjpeg2 2.3.1-12",
"product_id": "19205"
}
}
],
"category": "product_name",
"name": "openjpeg2"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 openjpeg2 2.3.1-12 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 openjpeg2 2.3.1-12 as a component of Azure Linux 3.0",
"product_id": "19205-17084"
},
"product_reference": "19205",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8112",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19205-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-8112 opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case a different issue than CVE-2020-6851. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2020/msrc_cve-2020-8112.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-23T00:00:00.000Z",
"details": "2.3.1-12:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-1"
]
}
],
"title": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case a different issue than CVE-2020-6851."
}
]
}
OPENSUSE-SU-2024:11120-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libopenjp2-7-2.4.0-1.4 on GA media
Severity
Moderate
Notes
Title of the patch: libopenjp2-7-2.4.0-1.4 on GA media
Description of the patch: These are all security issues fixed in the libopenjp2-7-2.4.0-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11120
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.4 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.6 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
82 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libopenjp2-7-2.4.0-1.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libopenjp2-7-2.4.0-1.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11120",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11120-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10504 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10505 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10506 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5139 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5152 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5158 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8332 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12982 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14039 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14040 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14041 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14151 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14152 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14423 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16375 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18088 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5727 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5785 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6616 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7648 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12973 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6851 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8112 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8112/"
}
],
"title": "libopenjp2-7-2.4.0-1.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11120-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.aarch64",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.aarch64",
"product_id": "libopenjp2-7-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.aarch64",
"product": {
"name": "openjpeg2-2.4.0-1.4.aarch64",
"product_id": "openjpeg2-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.aarch64",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.aarch64",
"product_id": "openjpeg2-devel-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.ppc64le",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.ppc64le",
"product_id": "libopenjp2-7-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.ppc64le",
"product": {
"name": "openjpeg2-2.4.0-1.4.ppc64le",
"product_id": "openjpeg2-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.ppc64le",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.ppc64le",
"product_id": "openjpeg2-devel-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.s390x",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.s390x",
"product_id": "libopenjp2-7-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.s390x",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.s390x",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.s390x",
"product": {
"name": "openjpeg2-2.4.0-1.4.s390x",
"product_id": "openjpeg2-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.s390x",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.s390x",
"product_id": "openjpeg2-devel-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.s390x",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.s390x",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.x86_64",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.x86_64",
"product_id": "libopenjp2-7-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.x86_64",
"product": {
"name": "openjpeg2-2.4.0-1.4.x86_64",
"product_id": "openjpeg2-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.x86_64",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.x86_64",
"product_id": "openjpeg2-devel-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.x86_64",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.x86_64",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64"
},
"product_reference": "openjpeg2-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le"
},
"product_reference": "openjpeg2-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x"
},
"product_reference": "openjpeg2-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64"
},
"product_reference": "openjpeg2-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10504"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10504",
"url": "https://www.suse.com/security/cve/CVE-2016-10504"
},
{
"category": "external",
"summary": "SUSE Bug 1056351 for CVE-2016-10504",
"url": "https://bugzilla.suse.com/1056351"
},
{
"category": "external",
"summary": "SUSE Bug 1179594 for CVE-2016-10504",
"url": "https://bugzilla.suse.com/1179594"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-10504"
},
{
"cve": "CVE-2016-10505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10505"
}
],
"notes": [
{
"category": "general",
"text": "NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10505",
"url": "https://www.suse.com/security/cve/CVE-2016-10505"
},
{
"category": "external",
"summary": "SUSE Bug 1056363 for CVE-2016-10505",
"url": "https://bugzilla.suse.com/1056363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-10505"
},
{
"cve": "CVE-2016-10506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10506"
}
],
"notes": [
{
"category": "general",
"text": "Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10506",
"url": "https://www.suse.com/security/cve/CVE-2016-10506"
},
{
"category": "external",
"summary": "SUSE Bug 1056396 for CVE-2016-10506",
"url": "https://bugzilla.suse.com/1056396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-10506"
},
{
"cve": "CVE-2016-5139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5139"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5139",
"url": "https://www.suse.com/security/cve/CVE-2016-5139"
},
{
"category": "external",
"summary": "SUSE Bug 992305 for CVE-2016-5139",
"url": "https://bugzilla.suse.com/992305"
},
{
"category": "external",
"summary": "SUSE Bug 992311 for CVE-2016-5139",
"url": "https://bugzilla.suse.com/992311"
},
{
"category": "external",
"summary": "SUSE Bug 992325 for CVE-2016-5139",
"url": "https://bugzilla.suse.com/992325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5139"
},
{
"cve": "CVE-2016-5152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5152"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5152",
"url": "https://www.suse.com/security/cve/CVE-2016-5152"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5152",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-5152"
},
{
"cve": "CVE-2016-5158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5158"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5158",
"url": "https://www.suse.com/security/cve/CVE-2016-5158"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5158",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-5158"
},
{
"cve": "CVE-2016-8332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8332"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8332",
"url": "https://www.suse.com/security/cve/CVE-2016-8332"
},
{
"category": "external",
"summary": "SUSE Bug 1002414 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1002414"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-8332"
},
{
"cve": "CVE-2017-12982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12982"
}
],
"notes": [
{
"category": "general",
"text": "The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12982",
"url": "https://www.suse.com/security/cve/CVE-2017-12982"
},
{
"category": "external",
"summary": "SUSE Bug 1054696 for CVE-2017-12982",
"url": "https://bugzilla.suse.com/1054696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12982"
},
{
"cve": "CVE-2017-14039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14039"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14039",
"url": "https://www.suse.com/security/cve/CVE-2017-14039"
},
{
"category": "external",
"summary": "SUSE Bug 1056622 for CVE-2017-14039",
"url": "https://bugzilla.suse.com/1056622"
},
{
"category": "external",
"summary": "SUSE Bug 1057511 for CVE-2017-14039",
"url": "https://bugzilla.suse.com/1057511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14039"
},
{
"cve": "CVE-2017-14040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14040"
}
],
"notes": [
{
"category": "general",
"text": "An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14040",
"url": "https://www.suse.com/security/cve/CVE-2017-14040"
},
{
"category": "external",
"summary": "SUSE Bug 1056621 for CVE-2017-14040",
"url": "https://bugzilla.suse.com/1056621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14040"
},
{
"cve": "CVE-2017-14041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14041"
}
],
"notes": [
{
"category": "general",
"text": "A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14041",
"url": "https://www.suse.com/security/cve/CVE-2017-14041"
},
{
"category": "external",
"summary": "SUSE Bug 1056562 for CVE-2017-14041",
"url": "https://bugzilla.suse.com/1056562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14041"
},
{
"cve": "CVE-2017-14151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14151"
}
],
"notes": [
{
"category": "general",
"text": "An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14151",
"url": "https://www.suse.com/security/cve/CVE-2017-14151"
},
{
"category": "external",
"summary": "SUSE Bug 1057336 for CVE-2017-14151",
"url": "https://bugzilla.suse.com/1057336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-14151"
},
{
"cve": "CVE-2017-14152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14152"
}
],
"notes": [
{
"category": "general",
"text": "A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14152",
"url": "https://www.suse.com/security/cve/CVE-2017-14152"
},
{
"category": "external",
"summary": "SUSE Bug 1057335 for CVE-2017-14152",
"url": "https://bugzilla.suse.com/1057335"
},
{
"category": "external",
"summary": "SUSE Bug 1057511 for CVE-2017-14152",
"url": "https://bugzilla.suse.com/1057511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-14152"
},
{
"cve": "CVE-2018-14423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14423"
}
],
"notes": [
{
"category": "general",
"text": "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14423",
"url": "https://www.suse.com/security/cve/CVE-2018-14423"
},
{
"category": "external",
"summary": "SUSE Bug 1102016 for CVE-2018-14423",
"url": "https://bugzilla.suse.com/1102016"
},
{
"category": "external",
"summary": "SUSE Bug 1140130 for CVE-2018-14423",
"url": "https://bugzilla.suse.com/1140130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-14423"
},
{
"cve": "CVE-2018-16375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16375"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16375",
"url": "https://www.suse.com/security/cve/CVE-2018-16375"
},
{
"category": "external",
"summary": "SUSE Bug 1106882 for CVE-2018-16375",
"url": "https://bugzilla.suse.com/1106882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16375"
},
{
"cve": "CVE-2018-18088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18088"
}
],
"notes": [
{
"category": "general",
"text": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18088",
"url": "https://www.suse.com/security/cve/CVE-2018-18088"
},
{
"category": "external",
"summary": "SUSE Bug 1111638 for CVE-2018-18088",
"url": "https://bugzilla.suse.com/1111638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-18088"
},
{
"cve": "CVE-2018-5727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5727"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5727",
"url": "https://www.suse.com/security/cve/CVE-2018-5727"
},
{
"category": "external",
"summary": "SUSE Bug 1076314 for CVE-2018-5727",
"url": "https://bugzilla.suse.com/1076314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5727"
},
{
"cve": "CVE-2018-5785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5785"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5785",
"url": "https://www.suse.com/security/cve/CVE-2018-5785"
},
{
"category": "external",
"summary": "SUSE Bug 1076967 for CVE-2018-5785",
"url": "https://bugzilla.suse.com/1076967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-5785"
},
{
"cve": "CVE-2018-6616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6616"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6616",
"url": "https://www.suse.com/security/cve/CVE-2018-6616"
},
{
"category": "external",
"summary": "SUSE Bug 1079845 for CVE-2018-6616",
"url": "https://bugzilla.suse.com/1079845"
},
{
"category": "external",
"summary": "SUSE Bug 1140359 for CVE-2018-6616",
"url": "https://bugzilla.suse.com/1140359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-6616"
},
{
"cve": "CVE-2018-7648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7648"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7648",
"url": "https://www.suse.com/security/cve/CVE-2018-7648"
},
{
"category": "external",
"summary": "SUSE Bug 1083901 for CVE-2018-7648",
"url": "https://bugzilla.suse.com/1083901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7648"
},
{
"cve": "CVE-2019-12973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12973"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12973",
"url": "https://www.suse.com/security/cve/CVE-2019-12973"
},
{
"category": "external",
"summary": "SUSE Bug 1140359 for CVE-2019-12973",
"url": "https://bugzilla.suse.com/1140359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12973"
},
{
"cve": "CVE-2020-6851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6851"
}
],
"notes": [
{
"category": "general",
"text": "OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6851",
"url": "https://www.suse.com/security/cve/CVE-2020-6851"
},
{
"category": "external",
"summary": "SUSE Bug 1160782 for CVE-2020-6851",
"url": "https://bugzilla.suse.com/1160782"
},
{
"category": "external",
"summary": "SUSE Bug 1162090 for CVE-2020-6851",
"url": "https://bugzilla.suse.com/1162090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6851"
},
{
"cve": "CVE-2020-8112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8112"
}
],
"notes": [
{
"category": "general",
"text": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8112",
"url": "https://www.suse.com/security/cve/CVE-2020-8112"
},
{
"category": "external",
"summary": "SUSE Bug 1162090 for CVE-2020-8112",
"url": "https://bugzilla.suse.com/1162090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-8112"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…