{"affected":[{"ecosystem_specific":{"binaries":[{"libopenjp2-7":"2.1.0-9.1","openjpeg2":"2.1.0-9.1","openjpeg2-devel":"2.1.0-9.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"openjpeg2","purl":"pkg:rpm/suse/openjpeg2&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.0-9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libopenjp2-7":"2.1.0-9.1","openjpeg2":"2.1.0-9.1","openjpeg2-devel":"2.1.0-9.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP1","name":"openjpeg2","purl":"pkg:rpm/suse/openjpeg2&distro=SUSE%20Package%20Hub%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.0-9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for openjpeg2 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function\n  allowed remote attackers to cause a denial of service (heap-based buffer\n  over-read and application crash) via a crafted bmp file (bsc#1056421).\n- CVE-2017-14039: A heap-based buffer overflow was discovered in the\n  opj_t2_encode_packet function. The vulnerability caused an out-of-bounds write,\n  which may have led to remote denial of service or possibly unspecified other\n  impact (bsc#1056622).\n- CVE-2017-14164: A size-validation issue was discovered in opj_j2k_write_sot.\n  The vulnerability caused an out-of-bounds write, which may have led to remote\n  DoS or possibly remote code execution (bsc#1057511).\n- CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert.c,\n  triggering a crash in the tgatoimage function. The vulnerability may have led\n  to remote denial of service or possibly unspecified other impact (bsc#1056621).\n- CVE-2017-14041: A stack-based buffer overflow was discovered in the\n  pgxtoimage function. The vulnerability caused an out-of-bounds write, which may\n  have led to remote denial of service or possibly remote code execution\n  (bsc#1056562).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.","id":"openSUSE-SU-2017:2685-1","modified":"2017-10-10T07:16:40Z","published":"2017-10-10T07:16:40Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1056421"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056562"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056621"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056622"},{"type":"REPORT","url":"https://bugzilla.suse.com/1057511"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10507"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14039"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14040"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14041"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14164"}],"related":["CVE-2016-10507","CVE-2017-14039","CVE-2017-14040","CVE-2017-14041","CVE-2017-14164"],"summary":"Security update for openjpeg2","upstream":["CVE-2016-10507","CVE-2017-14039","CVE-2017-14040","CVE-2017-14041","CVE-2017-14164"]}