MGASA-2017-0051

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0051.html

Import Source

https://advisories.mageia.org/MGASA-2017-0051.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0051

Related

Published

2017-02-18T21:50:00Z

Modified

2017-02-18T21:38:03Z

Summary

Updated openjpeg2 packages fix security vulnerabilities

Details

Floating Point Exception (aka FPE or divide by zero) in opjpinext_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. (CVE-2016-9112)

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. (CVE-2016-9113)

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. (CVE-2016-9114)

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9115)

NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9116)

NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9117)

Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. (CVE-2016-9118)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2017-0051

Affected packages