Overview

File _patchinfo of Package patchinfo.5655

<patchinfo incident="5655">
  <issue id="1056562" tracker="bnc">VUL-0: CVE-2017-14041: openjpeg2: A stack-based buffer overflow was discovered in the pgxtoimage functionin bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes anout-of-bounds write, which may lead to remote denial of service or</issue>
  <issue id="1056621" tracker="bnc">VUL-0: CVE-2017-14040: openjpeg2: An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG2.2.0, triggering a crash in the tgatoimage function. The vulnerabilitymay lead to remote denial of service or possibly unspecified o</issue>
  <issue id="1056421" tracker="bnc">VUL-0: CVE-2016-10507: openjpeg2: integer overflow in bmp24toimage</issue>
  <issue id="1056622" tracker="bnc">VUL-0: CVE-2017-14039: openjpeg2: A heap-based buffer overflow was discovered in the opj_t2_encode_packetfunction in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerabilitycauses an out-of-bounds write, which may lead to remote denial ofse</issue>
  <issue id="1057511" tracker="bnc">VUL-0: CVE-2017-14164: openjpeg2: incomplete fix for CVE-2017-14152 causes an out-of-bounds write, which may lead to remote denial of service</issue>
  <issue id="2016-10507" tracker="cve" />
  <issue id="2017-14039" tracker="cve" />
  <issue id="2017-14041" tracker="cve" />
  <issue id="2017-14040" tracker="cve" />
  <issue id="2017-14164" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>hpjansson</packager>
  <description>This update for openjpeg2 fixes several issues.

These security issues were fixed:

- CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function
  allowed remote attackers to cause a denial of service (heap-based buffer
  over-read and application crash) via a crafted bmp file (bsc#1056421).
- CVE-2017-14039: A heap-based buffer overflow was discovered in the
  opj_t2_encode_packet function. The vulnerability caused an out-of-bounds write,
  which may have lead to remote denial of service or possibly unspecified other
  impact (bsc#1056622).
- CVE-2017-14164: A size-validation issue was discovered in opj_j2k_write_sot.
  The vulnerability caused an out-of-bounds write, which may have lead to remote
  DoS or possibly remote code execution (bsc#1057511).
- CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert.c,
  triggering a crash in the tgatoimage function. The vulnerability may have lead
  to remote denial of service or possibly unspecified other impact (bsc#1056621).
- CVE-2017-14041: A stack-based buffer overflow was discovered in the
  pgxtoimage function. The vulnerability caused an out-of-bounds write, which may
  have lead to remote denial of service or possibly remote code execution
  (bsc#1056562).
</description>
  <summary>Security update for openjpeg2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places