SUSE-SU-2022:1129-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20221129-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:1129-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2022:1129-1
Related
Published
2022-04-07T14:35:05Z
Modified
2022-04-07T14:35:05Z
Summary
Security update for openjpeg2
Details

This update for openjpeg2 fixes the following issues:

  • CVE-2016-1924: Fixed heap buffer overflow (bsc#980504).
  • CVE-2016-3183: Fixed out-of-bounds read in sycc422torgb function (bsc#971617).
  • CVE-2016-4797: Fixed heap buffer overflow (bsc#980504).
  • CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pinextpcrl, pinextcprl,and pinextrpcl in lib/openjp3d/pi.c (bsc#1102016).
  • CVE-2018-16375: Fixed missing checks for headerinfo.height and headerinfo.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882).
  • CVE-2018-16376: Fixed heap-based buffer overflow function t2encodepacket in lib/openmj2/t2.c (bsc#1106881).
  • CVE-2018-20845: Fixed division-by-zero in the functions pinextpcrl, pinextcprl, and pinextrpcl in openmj2/pi.c (bsc#1140130).
  • CVE-2018-20846: Fixed out-of-bounds accesses in pinextlrcp, pinextrlcp, pinextrpcl, pinextpcrl, pinextrpcl, and pinextcprl in openmj2/pi.c (bsc#1140205).
  • CVE-2020-8112: Fixed heap-based buffer overflow in opjt1clbldecodeprocessor in openjp2/t1.c (bsc#1162090).
  • CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578).
  • CVE-2020-27823: Fixed heap buffer over-write in opjtcddclevelshift_encode() (bsc#1180457).
  • CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774).
  • CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738).
References

Affected packages

SUSE:HPE Helion OpenStack 8 / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:OpenStack Cloud 9 / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP3 / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-LTSS / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-BCL / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-4.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenjp2-7": "2.1.0-4.15.1"
        }
    ]
}