Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-18088 (GCVE-0-2018-18088)
Vulnerability from cvelistv5 – Published: 2018-10-09 20:00 – Updated: 2024-08-05 11:01
VLAI?
EPSS
Summary
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1152"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name": "DSA-4405",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"name": "USN-4109-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4109-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T19:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1152"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name": "DSA-4405",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"name": "USN-4109-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4109-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/uclouvain/openjpeg/issues/1152",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/1152"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name": "DSA-4405",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"name": "USN-4109-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4109-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18088",
"datePublished": "2018-10-09T20:00:00",
"dateReserved": "2018-10-09T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-18088\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-10-09T20:29:00.607\",\"lastModified\":\"2024-11-21T03:55:27.610\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenJPEG 2.3.0 has a NULL pointer dereference for \\\"red\\\" in the imagetopnm function of jp2/convert.c\"},{\"lang\":\"es\",\"value\":\"OpenJPEG 2.3.0 tiene una desreferencia de puntero NULL en \\\"red\\\" en la funci\u00f3n imagetopnm de jp2/convert.c\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:uclouvain:openjpeg:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"459BFDFA-A27B-4C47-A966-9E99E022BD04\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://github.com/uclouvain/openjpeg/issues/1152\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4109-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4405\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/uclouvain/openjpeg/issues/1152\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4109-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CNVD-2018-26010
Vulnerability from cnvd - Published: 2018-12-20
VLAI Severity ?
Title
OpenJPEG拒绝服务漏洞(CNVD-2018-26010)
Description
OpenJPEG是一款基于C语言的开源JPEG 2000编码解码器。
OpenJPEG 2.3.0版本中的jp2/convert.c文件的‘imagetopnm’函数存在安全漏洞。攻击者可利用该漏洞造成拒绝服务(空指针逆向引用)。
Severity
中
Formal description
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: https://github.com/uclouvain/openjpeg
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-18088
Impacted products
| Name | OpenJPEG OpenJPEG 2.3.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-18088",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18088"
}
},
"description": "OpenJPEG\u662f\u4e00\u6b3e\u57fa\u4e8eC\u8bed\u8a00\u7684\u5f00\u6e90JPEG 2000\u7f16\u7801\u89e3\u7801\u5668\u3002\n\nOpenJPEG 2.3.0\u7248\u672c\u4e2d\u7684jp2/convert.c\u6587\u4ef6\u7684\u2018imagetopnm\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u7a7a\u6307\u9488\u9006\u5411\u5f15\u7528\uff09\u3002",
"discovererName": "Hugo Lefeuvre",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://github.com/uclouvain/openjpeg",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-26010",
"openTime": "2018-12-20",
"products": {
"product": "OpenJPEG OpenJPEG 2.3.0"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-18088",
"serverity": "\u4e2d",
"submitTime": "2018-10-30",
"title": "OpenJPEG\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-26010\uff09"
}
SUSE-SU-2025:03353-1
Vulnerability from csaf_suse - Published: 2025-09-25 11:51 - Updated: 2025-09-25 11:51Summary
Security update for openjpeg2
Notes
Title of the patch
Security update for openjpeg2
Description of the patch
This update for openjpeg2 fixes the following issues:
- CVE-2018-18088: Fixed NULL pointer dereference in the imagetopnm function of jp2/convert.c (bsc#1111638).
Patchnames
SUSE-2025-3353,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3353
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openjpeg2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openjpeg2 fixes the following issues:\n\n- CVE-2018-18088: Fixed NULL pointer dereference in the imagetopnm function of jp2/convert.c (bsc#1111638).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3353,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3353",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03353-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03353-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503353-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03353-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022639.html"
},
{
"category": "self",
"summary": "SUSE Bug 1111638",
"url": "https://bugzilla.suse.com/1111638"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18088 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18088/"
}
],
"title": "Security update for openjpeg2",
"tracking": {
"current_release_date": "2025-09-25T11:51:37Z",
"generator": {
"date": "2025-09-25T11:51:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03353-1",
"initial_release_date": "2025-09-25T11:51:37Z",
"revision_history": [
{
"date": "2025-09-25T11:51:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-4.24.1.aarch64",
"product": {
"name": "libopenjp2-7-2.1.0-4.24.1.aarch64",
"product_id": "libopenjp2-7-2.1.0-4.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-4.24.1.aarch64",
"product": {
"name": "openjpeg2-2.1.0-4.24.1.aarch64",
"product_id": "openjpeg2-2.1.0-4.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-4.24.1.aarch64",
"product": {
"name": "openjpeg2-devel-2.1.0-4.24.1.aarch64",
"product_id": "openjpeg2-devel-2.1.0-4.24.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-64bit-2.1.0-4.24.1.aarch64_ilp32",
"product": {
"name": "libopenjp2-7-64bit-2.1.0-4.24.1.aarch64_ilp32",
"product_id": "libopenjp2-7-64bit-2.1.0-4.24.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-4.24.1.i586",
"product": {
"name": "libopenjp2-7-2.1.0-4.24.1.i586",
"product_id": "libopenjp2-7-2.1.0-4.24.1.i586"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-4.24.1.i586",
"product": {
"name": "openjpeg2-2.1.0-4.24.1.i586",
"product_id": "openjpeg2-2.1.0-4.24.1.i586"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-4.24.1.i586",
"product": {
"name": "openjpeg2-devel-2.1.0-4.24.1.i586",
"product_id": "openjpeg2-devel-2.1.0-4.24.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-4.24.1.ppc64le",
"product": {
"name": "libopenjp2-7-2.1.0-4.24.1.ppc64le",
"product_id": "libopenjp2-7-2.1.0-4.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-4.24.1.ppc64le",
"product": {
"name": "openjpeg2-2.1.0-4.24.1.ppc64le",
"product_id": "openjpeg2-2.1.0-4.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-4.24.1.ppc64le",
"product": {
"name": "openjpeg2-devel-2.1.0-4.24.1.ppc64le",
"product_id": "openjpeg2-devel-2.1.0-4.24.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-4.24.1.s390",
"product": {
"name": "libopenjp2-7-2.1.0-4.24.1.s390",
"product_id": "libopenjp2-7-2.1.0-4.24.1.s390"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-4.24.1.s390",
"product": {
"name": "openjpeg2-2.1.0-4.24.1.s390",
"product_id": "openjpeg2-2.1.0-4.24.1.s390"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-4.24.1.s390",
"product": {
"name": "openjpeg2-devel-2.1.0-4.24.1.s390",
"product_id": "openjpeg2-devel-2.1.0-4.24.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-4.24.1.s390x",
"product": {
"name": "libopenjp2-7-2.1.0-4.24.1.s390x",
"product_id": "libopenjp2-7-2.1.0-4.24.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.1.0-4.24.1.s390x",
"product": {
"name": "libopenjp2-7-32bit-2.1.0-4.24.1.s390x",
"product_id": "libopenjp2-7-32bit-2.1.0-4.24.1.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-4.24.1.s390x",
"product": {
"name": "openjpeg2-2.1.0-4.24.1.s390x",
"product_id": "openjpeg2-2.1.0-4.24.1.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-4.24.1.s390x",
"product": {
"name": "openjpeg2-devel-2.1.0-4.24.1.s390x",
"product_id": "openjpeg2-devel-2.1.0-4.24.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.1.0-4.24.1.x86_64",
"product": {
"name": "libopenjp2-7-2.1.0-4.24.1.x86_64",
"product_id": "libopenjp2-7-2.1.0-4.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.1.0-4.24.1.x86_64",
"product": {
"name": "libopenjp2-7-32bit-2.1.0-4.24.1.x86_64",
"product_id": "libopenjp2-7-32bit-2.1.0-4.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.1.0-4.24.1.x86_64",
"product": {
"name": "openjpeg2-2.1.0-4.24.1.x86_64",
"product_id": "openjpeg2-2.1.0-4.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.1.0-4.24.1.x86_64",
"product": {
"name": "openjpeg2-devel-2.1.0-4.24.1.x86_64",
"product_id": "openjpeg2-devel-2.1.0-4.24.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.1.0-4.24.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenjp2-7-2.1.0-4.24.1.x86_64"
},
"product_reference": "libopenjp2-7-2.1.0-4.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-18088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18088"
}
],
"notes": [
{
"category": "general",
"text": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenjp2-7-2.1.0-4.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18088",
"url": "https://www.suse.com/security/cve/CVE-2018-18088"
},
{
"category": "external",
"summary": "SUSE Bug 1111638 for CVE-2018-18088",
"url": "https://bugzilla.suse.com/1111638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenjp2-7-2.1.0-4.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenjp2-7-2.1.0-4.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-25T11:51:37Z",
"details": "low"
}
],
"title": "CVE-2018-18088"
}
]
}
SUSE-SU-2025:03352-1
Vulnerability from csaf_suse - Published: 2025-09-25 11:50 - Updated: 2025-09-25 11:50Summary
Security update for openjpeg2
Notes
Title of the patch
Security update for openjpeg2
Description of the patch
This update for openjpeg2 fixes the following issues:
- CVE-2018-18088: Fixed a null pointer dereferencei in imagetopnm function. (bsc#1111638).
Patchnames
SUSE-2025-3352,SUSE-SLE-Module-Basesystem-15-SP6-2025-3352,SUSE-SLE-Module-Basesystem-15-SP7-2025-3352,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3352,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3352,openSUSE-SLE-15.6-2025-3352
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openjpeg2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openjpeg2 fixes the following issues:\n\n- CVE-2018-18088: Fixed a null pointer dereferencei in imagetopnm function. (bsc#1111638).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3352,SUSE-SLE-Module-Basesystem-15-SP6-2025-3352,SUSE-SLE-Module-Basesystem-15-SP7-2025-3352,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3352,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3352,openSUSE-SLE-15.6-2025-3352",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03352-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03352-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503352-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03352-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022641.html"
},
{
"category": "self",
"summary": "SUSE Bug 1111638",
"url": "https://bugzilla.suse.com/1111638"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18088 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18088/"
}
],
"title": "Security update for openjpeg2",
"tracking": {
"current_release_date": "2025-09-25T11:50:17Z",
"generator": {
"date": "2025-09-25T11:50:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03352-1",
"initial_release_date": "2025-09-25T11:50:17Z",
"revision_history": [
{
"date": "2025-09-25T11:50:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"product": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"product_id": "libopenjp2-7-2.3.0-150000.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.3.0-150000.3.21.1.aarch64",
"product": {
"name": "openjpeg2-2.3.0-150000.3.21.1.aarch64",
"product_id": "openjpeg2-2.3.0-150000.3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"product": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"product_id": "openjpeg2-devel-2.3.0-150000.3.21.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-64bit-2.3.0-150000.3.21.1.aarch64_ilp32",
"product": {
"name": "libopenjp2-7-64bit-2.3.0-150000.3.21.1.aarch64_ilp32",
"product_id": "libopenjp2-7-64bit-2.3.0-150000.3.21.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.3.0-150000.3.21.1.i586",
"product": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.i586",
"product_id": "libopenjp2-7-2.3.0-150000.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.3.0-150000.3.21.1.i586",
"product": {
"name": "openjpeg2-2.3.0-150000.3.21.1.i586",
"product_id": "openjpeg2-2.3.0-150000.3.21.1.i586"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.i586",
"product": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.i586",
"product_id": "openjpeg2-devel-2.3.0-150000.3.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"product": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"product_id": "libopenjp2-7-2.3.0-150000.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"product": {
"name": "openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"product_id": "openjpeg2-2.3.0-150000.3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"product": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"product_id": "openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"product": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"product_id": "libopenjp2-7-2.3.0-150000.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.3.0-150000.3.21.1.s390x",
"product": {
"name": "openjpeg2-2.3.0-150000.3.21.1.s390x",
"product_id": "openjpeg2-2.3.0-150000.3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"product": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"product_id": "openjpeg2-devel-2.3.0-150000.3.21.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"product": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"product_id": "libopenjp2-7-2.3.0-150000.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"product": {
"name": "libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"product_id": "libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.3.0-150000.3.21.1.x86_64",
"product": {
"name": "openjpeg2-2.3.0-150000.3.21.1.x86_64",
"product_id": "openjpeg2-2.3.0-150000.3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.x86_64",
"product": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.x86_64",
"product_id": "openjpeg2-devel-2.3.0-150000.3.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.aarch64"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.s390x"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.aarch64"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.ppc64le"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.s390x"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.s390x"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.aarch64"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.s390x"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.aarch64"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.ppc64le"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.s390x"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.s390x"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.aarch64"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.s390x"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.3.0-150000.3.21.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.aarch64"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.ppc64le"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.s390x"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.3.0-150000.3.21.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "openjpeg2-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.s390x"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.3.0-150000.3.21.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64"
},
"product_reference": "openjpeg2-devel-2.3.0-150000.3.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-18088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18088"
}
],
"notes": [
{
"category": "general",
"text": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.aarch64",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.s390x",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18088",
"url": "https://www.suse.com/security/cve/CVE-2018-18088"
},
{
"category": "external",
"summary": "SUSE Bug 1111638 for CVE-2018-18088",
"url": "https://bugzilla.suse.com/1111638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.aarch64",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.s390x",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.aarch64",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.ppc64le",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.s390x",
"openSUSE Leap 15.6:libopenjp2-7-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:libopenjp2-7-32bit-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.aarch64",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.ppc64le",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.s390x",
"openSUSE Leap 15.6:openjpeg2-2.3.0-150000.3.21.1.x86_64",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.aarch64",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.ppc64le",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.s390x",
"openSUSE Leap 15.6:openjpeg2-devel-2.3.0-150000.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-25T11:50:17Z",
"details": "low"
}
],
"title": "CVE-2018-18088"
}
]
}
GHSA-59Q2-6672-5MGR
Vulnerability from github – Published: 2022-05-14 00:52 – Updated: 2022-05-14 00:52
VLAI?
Details
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2018-18088"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-09T20:29:00Z",
"severity": "MODERATE"
},
"details": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c",
"id": "GHSA-59q2-6672-5mgr",
"modified": "2022-05-14T00:52:13Z",
"published": "2022-05-14T00:52:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18088"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/1152"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4109-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4405"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-18088
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-18088",
"description": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c",
"id": "GSD-2018-18088",
"references": [
"https://www.suse.com/security/cve/CVE-2018-18088.html",
"https://www.debian.org/security/2019/dsa-4405",
"https://ubuntu.com/security/CVE-2018-18088",
"https://advisories.mageia.org/CVE-2018-18088.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-18088"
],
"details": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c",
"id": "GSD-2018-18088",
"modified": "2023-12-13T01:22:36.227756Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/uclouvain/openjpeg/issues/1152",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/1152"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name": "DSA-4405",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"name": "USN-4109-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4109-1/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18088"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/uclouvain/openjpeg/issues/1152",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1152"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name": "DSA-4405",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"name": "USN-4109-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4109-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-08-21T20:15Z",
"publishedDate": "2018-10-09T20:29Z"
}
}
}
FKIE_CVE-2018-18088
Vulnerability from fkie_nvd - Published: 2018-10-09 20:29 - Updated: 2024-11-21 03:55
Severity ?
Summary
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/uclouvain/openjpeg/issues/1152 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4109-1/ | ||
| cve@mitre.org | https://www.debian.org/security/2019/dsa-4405 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/uclouvain/openjpeg/issues/1152 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4109-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4405 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uclouvain | openjpeg | 2.3.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uclouvain:openjpeg:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "459BFDFA-A27B-4C47-A966-9E99E022BD04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c"
},
{
"lang": "es",
"value": "OpenJPEG 2.3.0 tiene una desreferencia de puntero NULL en \"red\" en la funci\u00f3n imagetopnm de jp2/convert.c"
}
],
"id": "CVE-2018-18088",
"lastModified": "2024-11-21T03:55:27.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-09T20:29:00.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1152"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4109-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4109-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4405"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
WID-SEC-W-2025-2135
Vulnerability from csaf_certbund - Published: 2019-03-10 23:00 - Updated: 2025-09-25 22:00Summary
OpenJPEG: Mehrere Schwachstellen ermöglichen Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die OpenJPEG Bibliothek ist ein in C geschriebener Open Source JPEG 2000 Codec.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenJPEG ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die OpenJPEG Bibliothek ist ein in C geschriebener Open Source JPEG 2000 Codec.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenJPEG ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2135 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2025-2135.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2135 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2135"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4405-1 vom 2019-03-10",
"url": "https://www.debian.org/security/2019/dsa-4405"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4109-1 vom 2019-08-22",
"url": "https://usn.ubuntu.com/4109-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1129-1 vom 2022-04-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010666.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1252-1 vom 2022-04-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010745.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1296-1 vom 2022-04-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010791.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03353-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022639.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03352-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022641.html"
}
],
"source_lang": "en-US",
"title": "OpenJPEG: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2025-09-25T22:00:00.000+00:00",
"generator": {
"date": "2025-09-26T08:01:13.659+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2135",
"initial_release_date": "2019-03-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2019-03-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2019-08-21T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-04-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-04-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-04-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.3.0",
"product": {
"name": "Open Source OpenJPEG 2.3.0",
"product_id": "T011613",
"product_identification_helper": {
"cpe": "cpe:/a:openjpeg:openjpeg:2.3.0"
}
}
}
],
"category": "product_name",
"name": "OpenJPEG"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-17480",
"product_status": {
"known_affected": [
"T011613",
"2951",
"T002207",
"T000126"
]
},
"release_date": "2019-03-10T23:00:00.000+00:00",
"title": "CVE-2017-17480"
},
{
"cve": "CVE-2018-14423",
"product_status": {
"known_affected": [
"T011613",
"2951",
"T002207",
"T000126"
]
},
"release_date": "2019-03-10T23:00:00.000+00:00",
"title": "CVE-2018-14423"
},
{
"cve": "CVE-2018-18088",
"product_status": {
"known_affected": [
"T011613",
"2951",
"T002207",
"T000126"
]
},
"release_date": "2019-03-10T23:00:00.000+00:00",
"title": "CVE-2018-18088"
}
]
}
OPENSUSE-SU-2024:11120-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libopenjp2-7-2.4.0-1.4 on GA media
Notes
Title of the patch
libopenjp2-7-2.4.0-1.4 on GA media
Description of the patch
These are all security issues fixed in the libopenjp2-7-2.4.0-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11120
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libopenjp2-7-2.4.0-1.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libopenjp2-7-2.4.0-1.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11120",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11120-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10504 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10505 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10506 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5139 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5152 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5158 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8332 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12982 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14039 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14040 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14041 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14151 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14152 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14423 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16375 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18088 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5727 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5785 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6616 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7648 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12973 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6851 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8112 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8112/"
}
],
"title": "libopenjp2-7-2.4.0-1.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11120-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.aarch64",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.aarch64",
"product_id": "libopenjp2-7-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.aarch64",
"product": {
"name": "openjpeg2-2.4.0-1.4.aarch64",
"product_id": "openjpeg2-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.aarch64",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.aarch64",
"product_id": "openjpeg2-devel-2.4.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.ppc64le",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.ppc64le",
"product_id": "libopenjp2-7-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.ppc64le",
"product": {
"name": "openjpeg2-2.4.0-1.4.ppc64le",
"product_id": "openjpeg2-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.ppc64le",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.ppc64le",
"product_id": "openjpeg2-devel-2.4.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.s390x",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.s390x",
"product_id": "libopenjp2-7-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.s390x",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.s390x",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.s390x",
"product": {
"name": "openjpeg2-2.4.0-1.4.s390x",
"product_id": "openjpeg2-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.s390x",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.s390x",
"product_id": "openjpeg2-devel-2.4.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.s390x",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.s390x",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.4.0-1.4.x86_64",
"product": {
"name": "libopenjp2-7-2.4.0-1.4.x86_64",
"product_id": "libopenjp2-7-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"product": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"product_id": "libopenjp2-7-32bit-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.4.0-1.4.x86_64",
"product": {
"name": "openjpeg2-2.4.0-1.4.x86_64",
"product_id": "openjpeg2-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.4.0-1.4.x86_64",
"product": {
"name": "openjpeg2-devel-2.4.0-1.4.x86_64",
"product_id": "openjpeg2-devel-2.4.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.4.0-1.4.x86_64",
"product": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.x86_64",
"product_id": "openjpeg2-devel-doc-2.4.0-1.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64"
},
"product_reference": "libopenjp2-7-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64"
},
"product_reference": "libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64"
},
"product_reference": "openjpeg2-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le"
},
"product_reference": "openjpeg2-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x"
},
"product_reference": "openjpeg2-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64"
},
"product_reference": "openjpeg2-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64"
},
"product_reference": "openjpeg2-devel-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.4.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
},
"product_reference": "openjpeg2-devel-doc-2.4.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10504"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10504",
"url": "https://www.suse.com/security/cve/CVE-2016-10504"
},
{
"category": "external",
"summary": "SUSE Bug 1056351 for CVE-2016-10504",
"url": "https://bugzilla.suse.com/1056351"
},
{
"category": "external",
"summary": "SUSE Bug 1179594 for CVE-2016-10504",
"url": "https://bugzilla.suse.com/1179594"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-10504"
},
{
"cve": "CVE-2016-10505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10505"
}
],
"notes": [
{
"category": "general",
"text": "NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10505",
"url": "https://www.suse.com/security/cve/CVE-2016-10505"
},
{
"category": "external",
"summary": "SUSE Bug 1056363 for CVE-2016-10505",
"url": "https://bugzilla.suse.com/1056363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-10505"
},
{
"cve": "CVE-2016-10506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10506"
}
],
"notes": [
{
"category": "general",
"text": "Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10506",
"url": "https://www.suse.com/security/cve/CVE-2016-10506"
},
{
"category": "external",
"summary": "SUSE Bug 1056396 for CVE-2016-10506",
"url": "https://bugzilla.suse.com/1056396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-10506"
},
{
"cve": "CVE-2016-5139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5139"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5139",
"url": "https://www.suse.com/security/cve/CVE-2016-5139"
},
{
"category": "external",
"summary": "SUSE Bug 992305 for CVE-2016-5139",
"url": "https://bugzilla.suse.com/992305"
},
{
"category": "external",
"summary": "SUSE Bug 992311 for CVE-2016-5139",
"url": "https://bugzilla.suse.com/992311"
},
{
"category": "external",
"summary": "SUSE Bug 992325 for CVE-2016-5139",
"url": "https://bugzilla.suse.com/992325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5139"
},
{
"cve": "CVE-2016-5152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5152"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5152",
"url": "https://www.suse.com/security/cve/CVE-2016-5152"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5152",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-5152"
},
{
"cve": "CVE-2016-5158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5158"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5158",
"url": "https://www.suse.com/security/cve/CVE-2016-5158"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5158",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-5158"
},
{
"cve": "CVE-2016-8332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8332"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8332",
"url": "https://www.suse.com/security/cve/CVE-2016-8332"
},
{
"category": "external",
"summary": "SUSE Bug 1002414 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1002414"
},
{
"category": "external",
"summary": "SUSE Bug 1007739 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007739"
},
{
"category": "external",
"summary": "SUSE Bug 1007744 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1007744"
},
{
"category": "external",
"summary": "SUSE Bug 1015662 for CVE-2016-8332",
"url": "https://bugzilla.suse.com/1015662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-8332"
},
{
"cve": "CVE-2017-12982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12982"
}
],
"notes": [
{
"category": "general",
"text": "The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12982",
"url": "https://www.suse.com/security/cve/CVE-2017-12982"
},
{
"category": "external",
"summary": "SUSE Bug 1054696 for CVE-2017-12982",
"url": "https://bugzilla.suse.com/1054696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12982"
},
{
"cve": "CVE-2017-14039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14039"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14039",
"url": "https://www.suse.com/security/cve/CVE-2017-14039"
},
{
"category": "external",
"summary": "SUSE Bug 1056622 for CVE-2017-14039",
"url": "https://bugzilla.suse.com/1056622"
},
{
"category": "external",
"summary": "SUSE Bug 1057511 for CVE-2017-14039",
"url": "https://bugzilla.suse.com/1057511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14039"
},
{
"cve": "CVE-2017-14040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14040"
}
],
"notes": [
{
"category": "general",
"text": "An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14040",
"url": "https://www.suse.com/security/cve/CVE-2017-14040"
},
{
"category": "external",
"summary": "SUSE Bug 1056621 for CVE-2017-14040",
"url": "https://bugzilla.suse.com/1056621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14040"
},
{
"cve": "CVE-2017-14041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14041"
}
],
"notes": [
{
"category": "general",
"text": "A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14041",
"url": "https://www.suse.com/security/cve/CVE-2017-14041"
},
{
"category": "external",
"summary": "SUSE Bug 1056562 for CVE-2017-14041",
"url": "https://bugzilla.suse.com/1056562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14041"
},
{
"cve": "CVE-2017-14151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14151"
}
],
"notes": [
{
"category": "general",
"text": "An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14151",
"url": "https://www.suse.com/security/cve/CVE-2017-14151"
},
{
"category": "external",
"summary": "SUSE Bug 1057336 for CVE-2017-14151",
"url": "https://bugzilla.suse.com/1057336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-14151"
},
{
"cve": "CVE-2017-14152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14152"
}
],
"notes": [
{
"category": "general",
"text": "A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14152",
"url": "https://www.suse.com/security/cve/CVE-2017-14152"
},
{
"category": "external",
"summary": "SUSE Bug 1057335 for CVE-2017-14152",
"url": "https://bugzilla.suse.com/1057335"
},
{
"category": "external",
"summary": "SUSE Bug 1057511 for CVE-2017-14152",
"url": "https://bugzilla.suse.com/1057511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-14152"
},
{
"cve": "CVE-2018-14423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14423"
}
],
"notes": [
{
"category": "general",
"text": "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14423",
"url": "https://www.suse.com/security/cve/CVE-2018-14423"
},
{
"category": "external",
"summary": "SUSE Bug 1102016 for CVE-2018-14423",
"url": "https://bugzilla.suse.com/1102016"
},
{
"category": "external",
"summary": "SUSE Bug 1140130 for CVE-2018-14423",
"url": "https://bugzilla.suse.com/1140130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-14423"
},
{
"cve": "CVE-2018-16375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16375"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16375",
"url": "https://www.suse.com/security/cve/CVE-2018-16375"
},
{
"category": "external",
"summary": "SUSE Bug 1106882 for CVE-2018-16375",
"url": "https://bugzilla.suse.com/1106882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16375"
},
{
"cve": "CVE-2018-18088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18088"
}
],
"notes": [
{
"category": "general",
"text": "OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18088",
"url": "https://www.suse.com/security/cve/CVE-2018-18088"
},
{
"category": "external",
"summary": "SUSE Bug 1111638 for CVE-2018-18088",
"url": "https://bugzilla.suse.com/1111638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-18088"
},
{
"cve": "CVE-2018-5727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5727"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5727",
"url": "https://www.suse.com/security/cve/CVE-2018-5727"
},
{
"category": "external",
"summary": "SUSE Bug 1076314 for CVE-2018-5727",
"url": "https://bugzilla.suse.com/1076314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5727"
},
{
"cve": "CVE-2018-5785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5785"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5785",
"url": "https://www.suse.com/security/cve/CVE-2018-5785"
},
{
"category": "external",
"summary": "SUSE Bug 1076967 for CVE-2018-5785",
"url": "https://bugzilla.suse.com/1076967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5785"
},
{
"cve": "CVE-2018-6616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6616"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6616",
"url": "https://www.suse.com/security/cve/CVE-2018-6616"
},
{
"category": "external",
"summary": "SUSE Bug 1079845 for CVE-2018-6616",
"url": "https://bugzilla.suse.com/1079845"
},
{
"category": "external",
"summary": "SUSE Bug 1140359 for CVE-2018-6616",
"url": "https://bugzilla.suse.com/1140359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-6616"
},
{
"cve": "CVE-2018-7648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7648"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7648",
"url": "https://www.suse.com/security/cve/CVE-2018-7648"
},
{
"category": "external",
"summary": "SUSE Bug 1083901 for CVE-2018-7648",
"url": "https://bugzilla.suse.com/1083901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7648"
},
{
"cve": "CVE-2019-12973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12973"
}
],
"notes": [
{
"category": "general",
"text": "In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12973",
"url": "https://www.suse.com/security/cve/CVE-2019-12973"
},
{
"category": "external",
"summary": "SUSE Bug 1140359 for CVE-2019-12973",
"url": "https://bugzilla.suse.com/1140359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12973"
},
{
"cve": "CVE-2020-6851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6851"
}
],
"notes": [
{
"category": "general",
"text": "OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6851",
"url": "https://www.suse.com/security/cve/CVE-2020-6851"
},
{
"category": "external",
"summary": "SUSE Bug 1160782 for CVE-2020-6851",
"url": "https://bugzilla.suse.com/1160782"
},
{
"category": "external",
"summary": "SUSE Bug 1162090 for CVE-2020-6851",
"url": "https://bugzilla.suse.com/1162090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6851"
},
{
"cve": "CVE-2020-8112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8112"
}
],
"notes": [
{
"category": "general",
"text": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8112",
"url": "https://www.suse.com/security/cve/CVE-2020-8112"
},
{
"category": "external",
"summary": "SUSE Bug 1162090 for CVE-2020-8112",
"url": "https://bugzilla.suse.com/1162090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-8112"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…