
SUSE: 2022:1129-1 Important: Openjpeg2 Buffer Overflow Threats

April 7, 2022
This SUSE Security Patch resolves 13 security flaws within openjpeg2 for improved system safety.
An update that fixes 13 vulnerabilities is now available

Summary

This update for openjpeg2 fixes the following issues:

- CVE-2016-1924: Fixed heap buffer overflow (bsc#980504).
- CVE-2016-3183: Fixed out-of-bounds read in sycc422_to_rgb function (bsc#971617).
- CVE-2016-4797: Fixed heap buffer overflow (bsc#980504).
- CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016).
- CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882).
- CVE-2018-16376: Fixed heap-based buffer overflow in the function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881).
- CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl,

References

#1102016 #1106881 #1106882 #1140130 #1140205 #1162090 #1173578 #1180457 #1184774 #1197738 #971617 #980504

Cross-References: CVE-2016-1924 CVE-2016-3183 CVE-2016-4797 CVE-2018-14423 CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-20846 CVE-2020-15389 CVE-2020-27823 CVE-2020-8112 CVE-2021-29338 CVE-2022-1122

CVSS scores:

CVE-2016-1924 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2016-1924 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2016-3183 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2016-4797 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2016-4797 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2018-14423 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important

Announcement ID: SUSE-SU-2022:1129-1
Rating: important
