Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE Linux Server: 2022:3802-1 Important Heap Overflow and Threats

suse
Calendar Grey October 27, 2022
Dist Suse Esm H88
A crucial announcement regarding openjpeg2 addresses several significant security flaws in SUSE offerings. Discover further details about the update.
An update that fixes 8 vulnerabilities is now available

Summary

This update for openjpeg2 fixes the following issues: - CVE-2018-20846: Fixed OOB read in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789). - CVE-2020-27814: Fixed heap buffer overflow in lib/openjp2/mqc.c (bsc#1179594), - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821). - CVE-2020-27841: Fixed buffer over-read in lib/openjp2/pi.c (bsc#1180042). - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043). - CVE-2020-27843: Fixed OOB read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044).

Topics%20covered

Topics Covered

security advisory critical patch heap overflow SUSE Linux important update buffer over-read openjpeg2

References

#1140205 #1149789 #1179594 #1179821 #1180042

#1180043 #1180044 #1180046

Cross- CVE-2018-20846 CVE-2018-21010 CVE-2020-27814

CVE-2020-27824 CVE-2020-27841 CVE-2020-27842

CVE-2020-27843 CVE-2020-27845

CVSS scores:

CVE-2018-20846 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-20846 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-21010 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2018-21010 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2020-27814 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2020-27814 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CVE-2020-27824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3802-1
Rating: important

Topics%20covered

Topics Covered

security advisory critical patch heap overflow SUSE Linux important update buffer over-read openjpeg2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here