Security update for openjpeg2
This update for openjpeg2 fixes the following security issues:
- CVE-2015-1239: A double free vulnerability in the j2k_read_ppm_v3 function allowed remote attackers to cause a denial of service (crash) (bsc#1066713)
- CVE-2017-17479: A stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c could crash the converter. (bsc#1072125)
- CVE-2017-17480: A stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c could crash the converter. (bsc#1072124)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Hans Petter Jansson (hpjansson)
Fixed bugs
bnc#1072124
VUL-0: CVE-2017-17480: openjpeg2: Stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c
bnc#1072125
VUL-0: CVE-2017-17479: openjpeg2: Stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c
bnc#1066713
VUL-0: CVE-2015-1239: openjpeg2: Double free vulnerability in the j2k_read_ppm_v3 function allows remote attackers to cause DoS
