Security update for openjpeg2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2685-1 Final 1 1 2017-10-10T07:16:40Z current 2017-10-10T07:16:40Z 2017-10-10T07:16:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openjpeg2 This update for openjpeg2 fixes several issues. These security issues were fixed: - CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file (bsc#1056421). - CVE-2017-14039: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly unspecified other impact (bsc#1056622). - CVE-2017-14164: A size-validation issue was discovered in opj_j2k_write_sot. The vulnerability caused an out-of-bounds write, which may have lead to remote DoS or possibly remote code execution (bsc#1057511). - CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert.c, triggering a crash in the tgatoimage function. The vulnerability may have lead to remote denial of service or possibly unspecified other impact (bsc#1056621). - CVE-2017-14041: A stack-based buffer overflow was discovered in the pgxtoimage function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly remote code execution (bsc#1056562). This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2017-1142 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1056421 SUSE Bug 1056421 https://bugzilla.suse.com/1056562 SUSE Bug 1056562 https://bugzilla.suse.com/1056621 SUSE Bug 1056621 https://bugzilla.suse.com/1056622 SUSE Bug 1056622 https://bugzilla.suse.com/1057511 SUSE Bug 1057511 https://www.suse.com/security/cve/CVE-2016-10507/ SUSE CVE CVE-2016-10507 page https://www.suse.com/security/cve/CVE-2017-14039/ SUSE CVE CVE-2017-14039 page https://www.suse.com/security/cve/CVE-2017-14040/ SUSE CVE CVE-2017-14040 page https://www.suse.com/security/cve/CVE-2017-14041/ SUSE CVE CVE-2017-14041 page https://www.suse.com/security/cve/CVE-2017-14164/ SUSE CVE CVE-2017-14164 page SUSE Package Hub 12 SUSE Package Hub 12 SP1 libopenjp2-7-2.1.0-9.1 openjpeg2-2.1.0-9.1 openjpeg2-devel-2.1.0-9.1 libopenjp2-7-2.1.0-9.1 as a component of SUSE Package Hub 12 openjpeg2-2.1.0-9.1 as a component of SUSE Package Hub 12 openjpeg2-devel-2.1.0-9.1 as a component of SUSE Package Hub 12 libopenjp2-7-2.1.0-9.1 as a component of SUSE Package Hub 12 SP1 openjpeg2-2.1.0-9.1 as a component of SUSE Package Hub 12 SP1 openjpeg2-devel-2.1.0-9.1 as a component of SUSE Package Hub 12 SP1 Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. CVE-2016-10507 SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-9.1 SUSE Package Hub 12 SP1:openjpeg2-2.1.0-9.1 SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-9.1 SUSE Package Hub 12:libopenjp2-7-2.1.0-9.1 SUSE Package Hub 12:openjpeg2-2.1.0-9.1 SUSE Package Hub 12:openjpeg2-devel-2.1.0-9.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10507.html CVE-2016-10507 https://bugzilla.suse.com/1056421 SUSE Bug 1056421 A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. CVE-2017-14039 SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-9.1 SUSE Package Hub 12 SP1:openjpeg2-2.1.0-9.1 SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-9.1 SUSE Package Hub 12:libopenjp2-7-2.1.0-9.1 SUSE Package Hub 12:openjpeg2-2.1.0-9.1 SUSE Package Hub 12:openjpeg2-devel-2.1.0-9.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14039.html CVE-2017-14039 https://bugzilla.suse.com/1056622 SUSE Bug 1056622 https://bugzilla.suse.com/1057511 SUSE Bug 1057511 An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. CVE-2017-14040 SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-9.1 SUSE Package Hub 12 SP1:openjpeg2-2.1.0-9.1 SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-9.1 SUSE Package Hub 12:libopenjp2-7-2.1.0-9.1 SUSE Package Hub 12:openjpeg2-2.1.0-9.1 SUSE Package Hub 12:openjpeg2-devel-2.1.0-9.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14040.html CVE-2017-14040 https://bugzilla.suse.com/1056621 SUSE Bug 1056621 A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. CVE-2017-14041 SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-9.1 SUSE Package Hub 12 SP1:openjpeg2-2.1.0-9.1 SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-9.1 SUSE Package Hub 12:libopenjp2-7-2.1.0-9.1 SUSE Package Hub 12:openjpeg2-2.1.0-9.1 SUSE Package Hub 12:openjpeg2-devel-2.1.0-9.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14041.html CVE-2017-14041 https://bugzilla.suse.com/1056562 SUSE Bug 1056562 A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152. CVE-2017-14164 SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-9.1 SUSE Package Hub 12 SP1:openjpeg2-2.1.0-9.1 SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-9.1 SUSE Package Hub 12:libopenjp2-7-2.1.0-9.1 SUSE Package Hub 12:openjpeg2-2.1.0-9.1 SUSE Package Hub 12:openjpeg2-devel-2.1.0-9.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14164.html CVE-2017-14164 https://bugzilla.suse.com/1057511 SUSE Bug 1057511