Overview

File _patchinfo of Package patchinfo.8154

<patchinfo incident="8154">
  <issue id="1072124" tracker="bnc">VUL-0: CVE-2017-17480: openjpeg2: Stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c</issue>
  <issue id="1072125" tracker="bnc">VUL-0: CVE-2017-17479: openjpeg2: Stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c</issue>
  <issue id="1066713" tracker="bnc">VUL-0: CVE-2015-1239: openjpeg2: Double free vulnerability in the j2k_read_ppm_v3 function allows remote attackers to cause DoS</issue>
  <issue id="2017-17479" tracker="cve" />
  <issue id="2017-171479" tracker="cve" />
  <issue id="2015-1239" tracker="cve" />
  <issue id="2017-17480" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>hpjansson</packager>
  <description>This update for openjpeg2 fixes the following security issues:

- CVE-2015-1239: A double free vulnerability in the j2k_read_ppm_v3 function allowed remote attackers to cause a denial of service (crash) (bsc#1066713)
- CVE-2017-17479: A stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c could crash the converter. (bsc#1072125)
- CVE-2017-17480: A stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c could crash the converter. (bsc#1072124)

This update was imported from the SUSE:SLE-12-SP2:Update update project.</description>
  <summary>Security update for openjpeg2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places