rpm package
suse/openjpeg&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP4
pkg:rpm/suse/openjpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-27824 | — | | | < 1.5.2-150000.4.10.1 | 1.5.2-150000.4.10.1 | May 13, 2021 | A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. |
| CVE-2020-27845 | — | | | < 1.5.2-150000.4.10.1 | 1.5.2-150000.4.10.1 | Jan 5, 2021 | There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability |
| CVE-2020-27843 | — | | | < 1.5.2-150000.4.10.1 | 1.5.2-150000.4.10.1 | Jan 5, 2021 | A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. |
| CVE-2020-27842 | — | | | < 1.5.2-150000.4.10.1 | 1.5.2-150000.4.10.1 | Jan 5, 2021 | There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. |
| CVE-2018-21010 | — | | | < 1.5.2-150000.4.10.1 | 1.5.2-150000.4.10.1 | Sep 5, 2019 | OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. |
| CVE-2018-20846 | — | | | < 1.5.2-150000.4.10.1 | 1.5.2-150000.4.10.1 | Jun 26, 2019 | Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). |