MGASA-2019-0004
- Source
- https://advisories.mageia.org/MGASA-2019-0004.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0004.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2019-0004
- Related
- Published
- 2019-01-05T18:30:16Z
- Modified
- 2019-01-05T18:02:22Z
- Summary
- Updated openjpeg2 packages fix security vulnerabilities
- Details
-
A stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c could crash the converter (CVE-2017-17479).
A stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c could crash the converter (CVE-2017-17480).
A flaw was found in OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opjj2ksetup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file (CVE-2018-5785).
In OpenJPEG 2.3.0, there is excessive iteration in the opjt1encode_cblks function of openjp2/t1.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file (CVE-2018-6616).
A flaw was found in OpenJPEG 2.3.0. A NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c (CVE-2018-18088).
- References
-
- https://advisories.mageia.org/MGASA-2019-0004.html
- https://bugs.mageia.org/show_bug.cgi?id=23147
- https://lists.opensuse.org/opensuse-updates/2018-05/msg00086.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HKAGXKPJ2Z4TMUR3TVLTQ7SMTTIYGJKK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JAZ5ZQP5XJ23SE3ECBP4QQF2CGMK6USD/
- Credits
-
-
- Mageia - COORDINATOR
-