CVE-2017-17480 (GCVE-0-2017-17480)
Vulnerability from cvelistv5 – Published: 2017-12-08 19:00 – Updated: 2024-08-05 20:51
Summary
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/uclouvain/openjpeg/issues/1044 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-list, x_refsource_MLIST |
| https://www.debian.org/security/2019/dsa-4405 | vendor-advisory, x_refsource_DEBIAN |
| https://usn.ubuntu.com/4109-1/ | vendor-advisory, x_refsource_UBUNTU |
Date Public ?
2017-12-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1044"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name": "DSA-4405",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"name": "USN-4109-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4109-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T19:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1044"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name": "DSA-4405",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"name": "USN-4109-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4109-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/uclouvain/openjpeg/issues/1044",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/1044"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name": "DSA-4405",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"name": "USN-4109-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4109-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17480",
"datePublished": "2017-12-08T19:00:00.000Z",
"dateReserved": "2017-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:51:31.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-17480",
"date": "2026-05-14",
"epss": "0.03921",
"percentile": "0.8842"
}
}
}
CNVD-2017-38123
Vulnerability from cnvd - Published: 2017-12-26
VLAI Severity ?
Title
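OpenJPEG Buffer Overflow Vulnerability (CNVD-2017-38123)
Description
OpenJPEG is an open-source JPEG 2000 codec written in C.
A stack buffer overflow vulnerability exists in the 'pgxtovolume' function in the jp3d/convert.c file in OpenJPEG version 2.3.0. A remote attacker could exploit this vulnerability to cause a denial of service or possibly execute code (out-of-bounds write).
Severity
High
Formal description
The vendor has not yet released a fix for this security issue. Users of this software are advised to monitor the vendor's homepage or the reference URL for a solution: http://www.openjpeg.org/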
Reference
https://github.com/uclouvain/openjpeg/issues/1044
Impacted products
| Name | OpenJPEG OpenJPEG 2.3.0 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-17480"
}
},
"description": "OpenJPEG\u662f\u4e00\u6b3e\u57fa\u4e8eC\u8bed\u8a00\u7684\u5f00\u6e90JPEG 2000\u7f16\u7801\u89e3\u7801\u5668\u3002\r\n\r\nOpenJPEG 2.3.0\u7248\u672c\u4e2d\u7684jp3d/convert.c\u6587\u4ef6\u7684\u2018pgxtovolume\u2019\u51fd\u6570\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u53ef\u80fd\u6267\u884c\u4ee3\u7801\uff08\u8d8a\u8fb9\u754c\u5199\u5165\uff09\u3002",
"discovererName": "Young-X",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttp://www.openjpeg.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-38123",
"openTime": "2017-12-26",
"products": {
"product": "OpenJPEG OpenJPEG 2.3.0"
},
"referenceLink": "https://github.com/uclouvain/openjpeg/issues/1044",
"serverity": "\u9ad8",
"submitTime": "2017-12-12",
"title": "OpenJPEG\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2017-38123\uff09"
}
FKIE_CVE-2017-17480
Vulnerability from fkie_nvd - Published: 2017-12-08 19:29 - Updated: 2026-05-13 00:24
Severity ?
Summary
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://github.com/uclouvain/openjpeg/issues/1044 | Third Party Advisory |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html | Mailing List, Third Party Advisory |
| cve@mitre.org | https://usn.ubuntu.com/4109-1/ | Third Party Advisory |
| cve@mitre.org | https://www.debian.org/security/2019/dsa-4405 | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/uclouvain/openjpeg/issues/1044 | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html | Mailing List, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4109-1/ | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4405 | Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| uclouvain | openjpeg | 2.3.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uclouvain:openjpeg:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "459BFDFA-A27B-4C47-A966-9E99E022BD04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution."
},
{
"lang": "es",
"value": "En OpenJPEG 2.3.0, se ha descubierto un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n pgxtovolume en jp3d/convert.c. Esta vulnerabilidad tiene como consecuencia una escritura fuera de l\u00edmites, lo que podr\u00eda dar lugar a una denegaci\u00f3n de servicio remota o a una posible ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2017-17480",
"lastModified": "2026-05-13T00:24:29.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-08T19:29:00.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1044"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4109-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4109-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4405"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2017-17480
Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Aliases
{
"GSD": {
"alias": "CVE-2017-17480",
"description": "In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.",
"id": "GSD-2017-17480",
"references": [
"https://www.suse.com/security/cve/CVE-2017-17480.html",
"https://www.debian.org/security/2019/dsa-4405",
"https://ubuntu.com/security/CVE-2017-17480",
"https://advisories.mageia.org/CVE-2017-17480.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-17480"
],
"details": "In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.",
"id": "GSD-2017-17480",
"modified": "2023-12-13T01:21:05.110285Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/uclouvain/openjpeg/issues/1044",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/1044"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name": "DSA-4405",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"name": "USN-4109-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4109-1/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17480"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/uclouvain/openjpeg/issues/1044",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1044"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name": "DSA-4405",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"name": "USN-4109-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4109-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-02-03T16:07Z",
"publishedDate": "2017-12-08T19:29Z"
}
}
}
SUSE-SU-2018:1364-1
Vulnerability from csaf_suse - Published: 2018-05-22 07:49 - Updated: 2018-05-22 07:49
Summary
Security update for openjpeg2
Severity
Moderate
Notes
Title of the patch: Security update for openjpeg2
Description of the patch: This update for openjpeg2 fixes the following security issues:
- CVE-2015-1239: A double free vulnerability in the j2k_read_ppm_v3 function allowed remote attackers to cause a denial of service (crash) (bsc#1066713)
- CVE-2017-17479: A stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c could crash the converter. (bsc#1072125)
- CVE-2017-17480: A stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c could crash the converter. (bsc#1072124)
Patchnames: SUSE-SLE-DESKTOP-12-SP3-2018-947,SUSE-SLE-SERVER-12-SP3-2018-947
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.6 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openjpeg2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openjpeg2 fixes the following security issues:\n\n- CVE-2015-1239: A double free vulnerability in the j2k_read_ppm_v3 function allowed remote attackers to cause a denial of service (crash) (bsc#1066713)\n- CVE-2017-17479: A stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c could crash the converter. (bsc#1072125)\n- CVE-2017-17480: A stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c could crash the converter. (bsc#1072124)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP3-2018-947,SUSE-SLE-SERVER-12-SP3-2018-947",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1364-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1364-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181364-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1364-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004068.html"
},
{
"category": "self",
"summary": "SUSE Bug 1066713",
"url": "https://bugzilla.suse.com/1066713"
},
{
"category": "self",
"summary": "SUSE Bug 1072124",
"url": "https://bugzilla.suse.com/1072124"
},
{
"category": "self",
"summary": "SUSE Bug 1072125",
"url": "https://bugzilla.suse.com/1072125"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-1239 page",
"url": "https://www.suse.com/security/cve/CVE-2015-1239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17479 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17480 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17480/"
}
],
"title": "Security update for openjpeg2",
"tracking": {
"current_release_date": "2018-05-22T07:49:34Z",
"generator": {
"date": "2018-05-22T07:49:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1364-1",
"initial_release_date": "2018-05-22T07:49:34Z",
"revision_history": [
{
"date": "2018-05-22T07:49:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-4.9.1.aarch64",
"product": {
"name": "libopenjp2-7-2.1.0-4.9.1.aarch64",
"product_id": "libopenjp2-7-2.1.0-4.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-4.9.1.ppc64le",
"product": {
"name": "libopenjp2-7-2.1.0-4.9.1.ppc64le",
"product_id": "libopenjp2-7-2.1.0-4.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-4.9.1.s390x",
"product": {
"name": "libopenjp2-7-2.1.0-4.9.1.s390x",
"product_id": "libopenjp2-7-2.1.0-4.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-4.9.1.x86_64",
"product": {
"name": "libopenjp2-7-2.1.0-4.9.1.x86_64",
"product_id": "libopenjp2-7-2.1.0-4.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.1.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x"
},
"product_reference": "libopenjp2-7-2.1.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64"
},
"product_reference": "libopenjp2-7-2.1.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.1.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-4.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x"
},
"product_reference": "libopenjp2-7-2.1.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-1239"
}
],
"notes": [
{
"category": "general",
"text": "Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-1239",
"url": "https://www.suse.com/security/cve/CVE-2015-1239"
},
{
"category": "external",
"summary": "SUSE Bug 1066713 for CVE-2015-1239",
"url": "https://bugzilla.suse.com/1066713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-22T07:49:34Z",
"details": "moderate"
}
],
"title": "CVE-2015-1239"
},
{
"cve": "CVE-2017-17479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17479"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17479",
"url": "https://www.suse.com/security/cve/CVE-2017-17479"
},
{
"category": "external",
"summary": "SUSE Bug 1072125 for CVE-2017-17479",
"url": "https://bugzilla.suse.com/1072125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-22T07:49:34Z",
"details": "moderate"
}
],
"title": "CVE-2017-17479"
},
{
"cve": "CVE-2017-17480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17480"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17480",
"url": "https://www.suse.com/security/cve/CVE-2017-17480"
},
{
"category": "external",
"summary": "SUSE Bug 1072124 for CVE-2017-17480",
"url": "https://bugzilla.suse.com/1072124"
},
{
"category": "external",
"summary": "SUSE Bug 1072125 for CVE-2017-17480",
"url": "https://bugzilla.suse.com/1072125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-22T07:49:34Z",
"details": "moderate"
}
],
"title": "CVE-2017-17480"
}
]
}
WID-SEC-W-2025-2135
Vulnerability from csaf_certbund - Published: 2019-03-10 23:00 - Updated: 2025-09-25 22:00
Summary
OpenJPEG: Multiple vulnerabilities allow code execution
Severity
Medium
Notes
As a provider, the BSI is responsible under general law for its own content made available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: The OpenJPEG library is an open source JPEG 2000 codec written in C.
Attack: A remote, anonymous attacker can exploit multiple vulnerabilities in OpenJPEG to execute arbitrary code.
Affected operating systems: - Linux
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Open Source OpenJPEG 2.3.0 (Open Source / OpenJPEG) | cpe:/a:openjpeg:openjpeg:2.3.0 | 2.3.0 | |
| Debian Linux (Debian) | cpe:/o:debian:debian_linux:- | — | |
| SUSE Linux (SUSE) | cpe:/o:suse:suse_linux:- | — | |
| Ubuntu Linux (Ubuntu) | cpe:/o:canonical:ubuntu_linux:- | — | |
References
9 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die OpenJPEG Bibliothek ist ein in C geschriebener Open Source JPEG 2000 Codec.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenJPEG ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2135 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2025-2135.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2135 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2135"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4405-1 vom 2019-03-10",
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4109-1 vom 2019-08-22",
"url": "https://usn.ubuntu.com/4109-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1129-1 vom 2022-04-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010666.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1252-1 vom 2022-04-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010745.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1296-1 vom 2022-04-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010791.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03353-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022639.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03352-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022641.html"
}
],
"source_lang": "en-US",
"title": "OpenJPEG: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2025-09-25T22:00:00.000+00:00",
"generator": {
"date": "2025-09-26T08:01:13.659+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2135",
"initial_release_date": "2019-03-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2019-03-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2019-08-21T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-04-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-04-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-04-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.3.0",
"product": {
"name": "Open Source OpenJPEG 2.3.0",
"product_id": "T011613",
"product_identification_helper": {
"cpe": "cpe:/a:openjpeg:openjpeg:2.3.0"
}
}
}
],
"category": "product_name",
"name": "OpenJPEG"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-17480",
"product_status": {
"known_affected": [
"T011613",
"2951",
"T002207",
"T000126"
]
},
"release_date": "2019-03-10T23:00:00.000+00:00",
"title": "CVE-2017-17480"
},
{
"cve": "CVE-2018-14423",
"product_status": {
"known_affected": [
"T011613",
"2951",
"T002207",
"T000126"
]
},
"release_date": "2019-03-10T23:00:00.000+00:00",
"title": "CVE-2018-14423"
},
{
"cve": "CVE-2018-18088",
"product_status": {
"known_affected": [
"T011613",
"2951",
"T002207",
"T000126"
]
},
"release_date": "2019-03-10T23:00:00.000+00:00",
"title": "CVE-2018-18088"
}
]
}
GHSA-J9X9-9H4C-F6V6
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2025-04-20 03:49
Details
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2017-17480"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-08T19:29:00Z",
"severity": "CRITICAL"
},
"details": "In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.",
"id": "GHSA-j9x9-9h4c-f6v6",
"modified": "2025-04-20T03:49:36Z",
"published": "2022-05-13T01:11:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17480"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/1044"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4109-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4405"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
BDU:2019-01566
Vulnerability from fstec - Published: 18.08.2017
Title
Vulnerability in the pgxtovolume function of the OpenJPEG image encoding/decoding library, related to writing beyond the bounds of a data buffer, which allows an attacker to cause a denial of service and execute arbitrary code
Description
The vulnerability in the pgxtovolume function (jp3d/convert.c) of the OpenJPEG image encoding/decoding library is related to writing beyond the bounds of a data buffer. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service and execute arbitrary code
Vendor
Free software community, ООО «РусБИТех-Астра», АО "НППКТ"
Software Name
Debian GNU/Linux, Astra Linux Special Edition (entry No. 369 in the unified register of Russian software), OpenJPEG, Astra Linux Special Edition for «Эльбрус» (entry No. 11156 in the unified register of Russian software), ОСОН ОСнова Оnyx (entry No. 5913 in the unified register of Russian software)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), up to and including 2.3.0 (OpenJPEG), 8 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition for «Эльбрус»), up to 2.5 (ОСОН ОСнова Оnyx)
Possible Mitigations
For openjpeg2:
Update the software to 2.3.0-2 or a later version
For Debian:
Update the software (the openjpeg2 package) to 2.1.0-2+deb8u6 or a later version
For Astra Linux, follow the recommendations given in bulletin No. 20191225SE81:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=67111271
For ОСОН Основа:
Update the openjpeg2 software to version 2.4.0-3
For Astra Linux 1.6 «Смоленск»:
update the openjpeg2 package to 2.1.2-1.1+deb9u3 or a higher version, following the vendor's recommendations: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-17480
https://security-tracker.debian.org/tracker/CVE-2017-17480
https://wiki.astralinux.ru/pages/viewpage.action?pageId=67111271
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
CWE
CWE-787
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), \u0434\u043e 2.3.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (OpenJPEG), 8 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f openjpeg2:\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 2.3.0-2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\n\n\u0414\u043b\u044f Debian:\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 openjpeg2) \u0434\u043e 2.1.0-2+deb8u6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439, \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0445 \u0432 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0438 \u2116 20191225SE81:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=67111271\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f openjpeg2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.0-3\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 openjpeg2 \u0434\u043e 2.1.2-1.1+deb9u3 \u0438\u043b\u0438 
\u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.08.2017",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.04.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01566",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-17480",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenJPEG, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 pgxtovolume \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f/\u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 OpenJPEG, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 pgxtovolume (jp3d/convert.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f/\u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 OpenJPEG \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2017-17480\nhttps://security-tracker.debian.org/tracker/CVE-2017-17480\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=67111271\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.