Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-9572 (GCVE-0-2016-9572)
Vulnerability from cvelistv5 – Published: 2018-08-01 16:00 – Updated: 2024-08-06 02:50
VLAI?
EPSS
Summary
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
Severity ?
5.9 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The OpenJPEG Project | openjpeg |
Affected:
2.1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/uclouvain/openjpeg/issues/863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
},
{
"name": "DSA-3768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3768"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "109233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109233"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openjpeg",
"vendor": "The OpenJPEG Project",
"versions": [
{
"status": "affected",
"version": "2.1.2"
}
]
}
],
"datePublic": "2016-10-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T22:31:32",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201710-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/uclouvain/openjpeg/issues/863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
},
{
"name": "DSA-3768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3768"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "109233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109233"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9572",
"datePublished": "2018-08-01T16:00:00",
"dateReserved": "2016-11-23T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CFB3AF6-73C9-4567-9FA4-DE81159128D7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un error de desreferencia de puntero NULL en la forma en la que openjpeg 2.1.2 descifraba ciertas im\\u00e1genes de entrada. Debido a un error de l\\u00f3gica en el c\\u00f3digo responsable de descifrar la imagen de entrada, una aplicaci\\u00f3n que emplee openjpeg para procesar datos de im\\u00e1genes podr\\u00eda cerrarse inesperadamente al procesar una imagen manipulada.\"}]",
"id": "CVE-2016-9572",
"lastModified": "2024-11-21T03:01:24.860",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-08-01T16:29:00.383",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/109233\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/uclouvain/openjpeg/issues/863\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201710-26\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-3768\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/109233\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/uclouvain/openjpeg/issues/863\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201710-26\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-3768\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-9572\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-08-01T16:29:00.383\",\"lastModified\":\"2024-11-21T03:01:24.860\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un error de desreferencia de puntero NULL en la forma en la que openjpeg 2.1.2 descifraba ciertas im\u00e1genes de entrada. Debido a un error de l\u00f3gica en el c\u00f3digo responsable de descifrar la imagen de entrada, una aplicaci\u00f3n que emplee openjpeg para procesar datos de im\u00e1genes podr\u00eda cerrarse inesperadamente al procesar una imagen manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CFB3AF6-73C9-4567-9FA4-DE81159128D7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/109233\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/uclouvain/openjpeg/issues/863\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-26\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3768\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/109233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/uclouvain/openjpeg/issues/863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CNVD-2017-34866
Vulnerability from cnvd - Published: 2017-11-22
VLAI Severity ?
Title
OpenJPEG堆缓冲区溢出漏洞(CNVD-2017-34866)
Description
OpenJPEG是一个C语言编写的开放源码的JPEG 2000编解码器。
OpenJPEG存在堆缓冲区溢出漏洞,由于imagetopnm()检查不足,攻击者可利用漏洞导致堆缓冲区溢出。
Severity
中
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://lwn.net/Articles/734818/
Reference
https://lwn.net/Articles/734818/
Impacted products
| Name | OpenJPEG OpenJPEG |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-9572"
}
},
"description": "OpenJPEG\u662f\u4e00\u4e2aC\u8bed\u8a00\u7f16\u5199\u7684\u5f00\u653e\u6e90\u7801\u7684JPEG 2000\u7f16\u89e3\u7801\u5668\u3002\r\n\r\nOpenJPEG\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u7531\u4e8eimagetopnm()\u68c0\u67e5\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u3002",
"discovererName": "unknow",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lwn.net/Articles/734818/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-34866",
"openTime": "2017-11-22",
"products": {
"product": "OpenJPEG OpenJPEG"
},
"referenceLink": "https://lwn.net/Articles/734818/",
"serverity": "\u4e2d",
"submitTime": "2017-09-27",
"title": "OpenJPEG\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2017-34866\uff09"
}
GHSA-3FXP-M3GR-PFVM
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16
VLAI?
Details
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2016-9572"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-01T16:29:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
"id": "GHSA-3fxp-m3gr-pfvm",
"modified": "2022-05-13T01:16:23Z",
"published": "2022-05-13T01:16:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9572"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/863"
},
{
"type": "WEB",
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3768"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/109233"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2016-9572
Vulnerability from fkie_nvd - Published: 2018-08-01 16:29 - Updated: 2024-11-21 03:01
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uclouvain | openjpeg | 2.1.2 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFB3AF6-73C9-4567-9FA4-DE81159128D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image."
},
{
"lang": "es",
"value": "Se ha detectado un error de desreferencia de puntero NULL en la forma en la que openjpeg 2.1.2 descifraba ciertas im\u00e1genes de entrada. Debido a un error de l\u00f3gica en el c\u00f3digo responsable de descifrar la imagen de entrada, una aplicaci\u00f3n que emplee openjpeg para procesar datos de im\u00e1genes podr\u00eda cerrarse inesperadamente al procesar una imagen manipulada."
}
],
"id": "CVE-2016-9572",
"lastModified": "2024-11-21T03:01:24.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-01T16:29:00.383",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/109233"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/863"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3768"
},
{
"source": "secalert@redhat.com",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/109233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GSD-2016-9572
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-9572",
"description": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
"id": "GSD-2016-9572",
"references": [
"https://www.suse.com/security/cve/CVE-2016-9572.html",
"https://www.debian.org/security/2017/dsa-3768",
"https://advisories.mageia.org/CVE-2016-9572.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-9572"
],
"details": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
"id": "GSD-2016-9572",
"modified": "2023-12-13T01:21:21.323849Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openjpeg",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1.2"
}
]
}
}
]
},
"vendor_name": "The OpenJPEG Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-476",
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "http://www.securityfocus.com/bid/109233",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/109233"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
},
{
"name": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"refsource": "MISC",
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/863",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/863"
},
{
"name": "https://security.gentoo.org/glsa/201710-26",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "https://www.debian.org/security/2017/dsa-3768",
"refsource": "MISC",
"url": "https://www.debian.org/security/2017/dsa-3768"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9572"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/863",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/863"
},
{
"name": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
},
{
"name": "DSA-3768",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3768"
},
{
"name": "GLSA-201710-26",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "109233",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/109233"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-02-12T23:27Z",
"publishedDate": "2018-08-01T16:29Z"
}
}
}
SUSE-SU-2016:3270-1
Vulnerability from csaf_suse - Published: 2016-12-27 10:28 - Updated: 2016-12-27 10:28Summary
Security update for openjpeg2
Notes
Title of the patch
Security update for openjpeg2
Description of the patch
This update for openjpeg2 fixes the following issues:
* CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]
* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]
* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]
* CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]
* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]
* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747]
* CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]
* CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739]
* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]
* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414]
* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817]
Patchnames
SUSE-SLE-DESKTOP-12-SP2-2016-1914,SUSE-SLE-RPI-12-SP2-2016-1914,SUSE-SLE-SERVER-12-SP2-2016-1914
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openjpeg2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for openjpeg2 fixes the following issues:\n\n* CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n* CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] \n* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] \n* CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n* CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] \n* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] \n* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] \n \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP2-2016-1914,SUSE-SLE-RPI-12-SP2-2016-1914,SUSE-SLE-SERVER-12-SP2-2016-1914",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_3270-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:3270-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20163270-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:3270-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-December/002525.html"
},
{
"category": "self",
"summary": "SUSE Bug 1002414",
"url": "https://bugzilla.suse.com/1002414"
},
{
"category": "self",
"summary": "SUSE Bug 1007739",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "self",
"summary": "SUSE Bug 1007740",
"url": "https://bugzilla.suse.com/1007740"
},
{
"category": "self",
"summary": "SUSE Bug 1007741",
"url": "https://bugzilla.suse.com/1007741"
},
{
"category": "self",
"summary": "SUSE Bug 1007742",
"url": "https://bugzilla.suse.com/1007742"
},
{
"category": "self",
"summary": "SUSE Bug 1007743",
"url": "https://bugzilla.suse.com/1007743"
},
{
"category": "self",
"summary": "SUSE Bug 1007744",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "self",
"summary": "SUSE Bug 1007747",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "self",
"summary": "SUSE Bug 1014543",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "self",
"summary": "SUSE Bug 1014975",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "self",
"summary": "SUSE Bug 999817",
"url": "https://bugzilla.suse.com/999817"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7445 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8332 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9112 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9113 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9114 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9115 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9116 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9117 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9118 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9572 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9573 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9580 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9581 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9581/"
}
],
"title": "Security update for openjpeg2",
"tracking": {
"current_release_date": "2016-12-27T10:28:49Z",
"generator": {
"date": "2016-12-27T10:28:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:3270-1",
"initial_release_date": "2016-12-27T10:28:49Z",
"revision_history": [
{
"date": "2016-12-27T10:28:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-3.1.aarch64",
"product": {
"name": "libopenjp2-7-2.1.0-3.1.aarch64",
"product_id": "libopenjp2-7-2.1.0-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-3.1.ppc64le",
"product": {
"name": "libopenjp2-7-2.1.0-3.1.ppc64le",
"product_id": "libopenjp2-7-2.1.0-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-3.1.s390x",
"product": {
"name": "libopenjp2-7-2.1.0-3.1.s390x",
"product_id": "libopenjp2-7-2.1.0-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-3.1.x86_64",
"product": {
"name": "libopenjp2-7-2.1.0-3.1.x86_64",
"product_id": "libopenjp2-7-2.1.0-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7445"
}
],
"notes": [
{
"category": "general",
"text": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7445",
"url": "https://www.suse.com/security/cve/CVE-2016-7445"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1015662"
},
{
"category": "external",
"summary": "SUSE Bug 999817 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/999817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "important"
}
],
"title": "CVE-2016-7445"
},
{
"cve": "CVE-2016-8332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8332"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8332",
"url": "https://www.suse.com/security/cve/CVE-2016-8332"
},
{
"category": "external",
"summary": "SUSE Bug 1002414 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1002414"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "important"
}
],
"title": "CVE-2016-8332"
},
{
"cve": "CVE-2016-9112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9112"
}
],
"notes": [
{
"category": "general",
"text": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9112",
"url": "https://www.suse.com/security/cve/CVE-2016-9112"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1015662"
},
{
"category": "external",
"summary": "SUSE Bug 1056396 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1056396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9112"
},
{
"cve": "CVE-2016-9113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9113"
}
],
"notes": [
{
"category": "general",
"text": "There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u003ecomps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9113",
"url": "https://www.suse.com/security/cve/CVE-2016-9113"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9113"
},
{
"cve": "CVE-2016-9114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9114"
}
],
"notes": [
{
"category": "general",
"text": "There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u003ecomps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9114",
"url": "https://www.suse.com/security/cve/CVE-2016-9114"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007740 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007740"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9114"
},
{
"cve": "CVE-2016-9115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9115"
}
],
"notes": [
{
"category": "general",
"text": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9115",
"url": "https://www.suse.com/security/cve/CVE-2016-9115"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007741 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007741"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9115"
},
{
"cve": "CVE-2016-9116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9116"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9116",
"url": "https://www.suse.com/security/cve/CVE-2016-9116"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007742 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007742"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9116"
},
{
"cve": "CVE-2016-9117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9117"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9117",
"url": "https://www.suse.com/security/cve/CVE-2016-9117"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007743 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007743"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9117"
},
{
"cve": "CVE-2016-9118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9118"
}
],
"notes": [
{
"category": "general",
"text": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9118",
"url": "https://www.suse.com/security/cve/CVE-2016-9118"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9118"
},
{
"cve": "CVE-2016-9572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9572"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9572",
"url": "https://www.suse.com/security/cve/CVE-2016-9572"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014543 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9572"
},
{
"cve": "CVE-2016-9573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9573"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9573",
"url": "https://www.suse.com/security/cve/CVE-2016-9573"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014543 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9573"
},
{
"cve": "CVE-2016-9580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9580"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9580",
"url": "https://www.suse.com/security/cve/CVE-2016-9580"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014975 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9580"
},
{
"cve": "CVE-2016-9581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9581"
}
],
"notes": [
{
"category": "general",
"text": "An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9581",
"url": "https://www.suse.com/security/cve/CVE-2016-9581"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014975 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-27T10:28:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-9581"
}
]
}
OPENSUSE-SU-2017:2567-1
Vulnerability from csaf_opensuse - Published: 2017-09-25 21:34 - Updated: 2017-09-25 21:34Summary
Security update for openjpeg2
Notes
Title of the patch
Security update for openjpeg2
Description of the patch
This update for openjpeg2 fixes the following issues:
* CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]
* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]
* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]
* CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]
* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]
* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747]
* CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]
* CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739]
* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]
* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414]
* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817]
* CVE 2016-7163: Integer Overflow could lead to remote code execution [bsc#997857]
* CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service [bsc#979907]
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patchnames
openSUSE-2017-1090
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openjpeg2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openjpeg2 fixes the following issues:\n\n* CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n* CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] \n* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] \n* CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n* CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] \n* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] \n* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] \n* CVE 2016-7163: Integer Overflow could lead to remote code execution [bsc#997857]\n* CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service [bsc#979907]\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2017-1090",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_2567-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2017:2567-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M/#AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2017:2567-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M/#AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M"
},
{
"category": "self",
"summary": "SUSE Bug 1002414",
"url": "https://bugzilla.suse.com/1002414"
},
{
"category": "self",
"summary": "SUSE Bug 1007739",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "self",
"summary": "SUSE Bug 1007740",
"url": "https://bugzilla.suse.com/1007740"
},
{
"category": "self",
"summary": "SUSE Bug 1007741",
"url": "https://bugzilla.suse.com/1007741"
},
{
"category": "self",
"summary": "SUSE Bug 1007742",
"url": "https://bugzilla.suse.com/1007742"
},
{
"category": "self",
"summary": "SUSE Bug 1007743",
"url": "https://bugzilla.suse.com/1007743"
},
{
"category": "self",
"summary": "SUSE Bug 1007744",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "self",
"summary": "SUSE Bug 1007747",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "self",
"summary": "SUSE Bug 1014543",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "self",
"summary": "SUSE Bug 1014975",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "self",
"summary": "SUSE Bug 979907",
"url": "https://bugzilla.suse.com/979907"
},
{
"category": "self",
"summary": "SUSE Bug 997857",
"url": "https://bugzilla.suse.com/997857"
},
{
"category": "self",
"summary": "SUSE Bug 999817",
"url": "https://bugzilla.suse.com/999817"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8871 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7163 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7445 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8332 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9112 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9113 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9114 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9115 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9116 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9117 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9118 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9572 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9573 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9580 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9581 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9581/"
}
],
"title": "Security update for openjpeg2",
"tracking": {
"current_release_date": "2017-09-25T21:34:20Z",
"generator": {
"date": "2017-09-25T21:34:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2017:2567-1",
"initial_release_date": "2017-09-25T21:34:20Z",
"revision_history": [
{
"date": "2017-09-25T21:34:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-6.1.aarch64",
"product": {
"name": "libopenjp2-7-2.1.0-6.1.aarch64",
"product_id": "libopenjp2-7-2.1.0-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-6.1.aarch64",
"product": {
"name": "openjpeg2-2.1.0-6.1.aarch64",
"product_id": "openjpeg2-2.1.0-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-6.1.aarch64",
"product": {
"name": "openjpeg2-devel-2.1.0-6.1.aarch64",
"product_id": "openjpeg2-devel-2.1.0-6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-6.1.ppc64le",
"product": {
"name": "libopenjp2-7-2.1.0-6.1.ppc64le",
"product_id": "libopenjp2-7-2.1.0-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-6.1.ppc64le",
"product": {
"name": "openjpeg2-2.1.0-6.1.ppc64le",
"product_id": "openjpeg2-2.1.0-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-6.1.ppc64le",
"product": {
"name": "openjpeg2-devel-2.1.0-6.1.ppc64le",
"product_id": "openjpeg2-devel-2.1.0-6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-6.1.s390x",
"product": {
"name": "libopenjp2-7-2.1.0-6.1.s390x",
"product_id": "libopenjp2-7-2.1.0-6.1.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-6.1.s390x",
"product": {
"name": "openjpeg2-2.1.0-6.1.s390x",
"product_id": "openjpeg2-2.1.0-6.1.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-6.1.s390x",
"product": {
"name": "openjpeg2-devel-2.1.0-6.1.s390x",
"product_id": "openjpeg2-devel-2.1.0-6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-6.1.x86_64",
"product": {
"name": "libopenjp2-7-2.1.0-6.1.x86_64",
"product_id": "libopenjp2-7-2.1.0-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-6.1.x86_64",
"product": {
"name": "openjpeg2-2.1.0-6.1.x86_64",
"product_id": "openjpeg2-2.1.0-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-6.1.x86_64",
"product": {
"name": "openjpeg2-devel-2.1.0-6.1.x86_64",
"product_id": "openjpeg2-devel-2.1.0-6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP1",
"product": {
"name": "SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64"
},
"product_reference": "openjpeg2-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le"
},
"product_reference": "openjpeg2-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x"
},
"product_reference": "openjpeg2-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64"
},
"product_reference": "openjpeg2-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64"
},
"product_reference": "openjpeg2-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le"
},
"product_reference": "openjpeg2-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x"
},
"product_reference": "openjpeg2-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64"
},
"product_reference": "openjpeg2-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
"product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64"
},
"product_reference": "openjpeg2-devel-2.1.0-6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8871"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8871",
"url": "https://www.suse.com/security/cve/CVE-2015-8871"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2015-8871",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2015-8871",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 979907 for CVE-2015-8871",
"url": "https://bugzilla.suse.com/979907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2015-8871"
},
{
"cve": "CVE-2016-7163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7163"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7163",
"url": "https://www.suse.com/security/cve/CVE-2016-7163"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-7163",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-7163",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 997857 for CVE-2016-7163",
"url": "https://bugzilla.suse.com/997857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "critical"
}
],
"title": "CVE-2016-7163"
},
{
"cve": "CVE-2016-7445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7445"
}
],
"notes": [
{
"category": "general",
"text": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7445",
"url": "https://www.suse.com/security/cve/CVE-2016-7445"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/1015662"
},
{
"category": "external",
"summary": "SUSE Bug 999817 for CVE-2016-7445",
"url": "https://bugzilla.suse.com/999817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "important"
}
],
"title": "CVE-2016-7445"
},
{
"cve": "CVE-2016-8332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8332"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8332",
"url": "https://www.suse.com/security/cve/CVE-2016-8332"
},
{
"category": "external",
"summary": "SUSE Bug 1002414 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1002414"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "important"
}
],
"title": "CVE-2016-8332"
},
{
"cve": "CVE-2016-9112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9112"
}
],
"notes": [
{
"category": "general",
"text": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9112",
"url": "https://www.suse.com/security/cve/CVE-2016-9112"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1015662"
},
{
"category": "external",
"summary": "SUSE Bug 1056396 for CVE-2016-9112",
"url": "https://bugzilla.suse.com/1056396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9112"
},
{
"cve": "CVE-2016-9113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9113"
}
],
"notes": [
{
"category": "general",
"text": "There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u003ecomps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9113",
"url": "https://www.suse.com/security/cve/CVE-2016-9113"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9113",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9113"
},
{
"cve": "CVE-2016-9114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9114"
}
],
"notes": [
{
"category": "general",
"text": "There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u003ecomps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9114",
"url": "https://www.suse.com/security/cve/CVE-2016-9114"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007740 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007740"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9114",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9114"
},
{
"cve": "CVE-2016-9115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9115"
}
],
"notes": [
{
"category": "general",
"text": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9115",
"url": "https://www.suse.com/security/cve/CVE-2016-9115"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007741 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007741"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9115",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9115"
},
{
"cve": "CVE-2016-9116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9116"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9116",
"url": "https://www.suse.com/security/cve/CVE-2016-9116"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007742 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007742"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9116",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9116"
},
{
"cve": "CVE-2016-9117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9117"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9117",
"url": "https://www.suse.com/security/cve/CVE-2016-9117"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007743 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007743"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9117",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9117"
},
{
"cve": "CVE-2016-9118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9118"
}
],
"notes": [
{
"category": "general",
"text": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9118",
"url": "https://www.suse.com/security/cve/CVE-2016-9118"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1007747 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1007747"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9118",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9118"
},
{
"cve": "CVE-2016-9572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9572"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9572",
"url": "https://www.suse.com/security/cve/CVE-2016-9572"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014543 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9572",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9572"
},
{
"cve": "CVE-2016-9573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9573"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9573",
"url": "https://www.suse.com/security/cve/CVE-2016-9573"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014543 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1014543"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9573",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9573"
},
{
"cve": "CVE-2016-9580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9580"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9580",
"url": "https://www.suse.com/security/cve/CVE-2016-9580"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014975 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9580",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9580"
},
{
"cve": "CVE-2016-9581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9581"
}
],
"notes": [
{
"category": "general",
"text": "An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9581",
"url": "https://www.suse.com/security/cve/CVE-2016-9581"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1014975 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1014975"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-9581",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
"SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
"SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-25T21:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-9581"
}
]
}
CERTFR-2019-AVI-339
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Database Server | Oracle Database Server versions 5.1, 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 18.2 et 19c |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database Server versions 5.1, 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 18.2 et 19c",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2749"
},
{
"name": "CVE-2019-2569",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2569"
},
{
"name": "CVE-2018-11058",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11058"
},
{
"name": "CVE-2019-2799",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2799"
},
{
"name": "CVE-2019-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2484"
},
{
"name": "CVE-2016-9572",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9572"
},
{
"name": "CVE-2019-2753",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2753"
},
{
"name": "CVE-2019-2776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2776"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-339",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019-5072835 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019verbose-5072838-5072835 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019verbose-5072838.html#GLM"
}
]
}
CERTFR-2019-AVI-339
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Database Server | Oracle Database Server versions 5.1, 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 18.2 et 19c |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database Server versions 5.1, 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 18.2 et 19c",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2749"
},
{
"name": "CVE-2019-2569",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2569"
},
{
"name": "CVE-2018-11058",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11058"
},
{
"name": "CVE-2019-2799",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2799"
},
{
"name": "CVE-2019-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2484"
},
{
"name": "CVE-2016-9572",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9572"
},
{
"name": "CVE-2019-2753",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2753"
},
{
"name": "CVE-2019-2776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2776"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-339",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019-5072835 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019verbose-5072838-5072835 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019verbose-5072838.html#GLM"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…