rpm package

suse/openjpeg2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Vulnerabilities (23)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-1122		—	< 2.1.0-4.15.1	2.1.0-4.15.1	Mar 29, 2022	A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a se
CVE-2020-27823		—	< 2.1.0-4.15.1	2.1.0-4.15.1	May 13, 2021	A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-29338		—	< 2.1.0-4.15.1	2.1.0-4.15.1	Apr 14, 2021	Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
CVE-2020-15389		—	< 2.1.0-4.15.1	2.1.0-4.15.1	Jun 29, 2020	jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice
CVE-2020-8112		—	< 2.1.0-4.15.1	2.1.0-4.15.1	Jan 28, 2020	opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
CVE-2018-20846		—	< 2.1.0-4.15.1	2.1.0-4.15.1	Jun 26, 2019	Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-20845		—	< 2.1.0-4.15.1	2.1.0-4.15.1	Jun 26, 2019	Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-16376		—	< 2.1.0-4.15.1	2.1.0-4.15.1	Sep 3, 2018	An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVE-2018-16375		—	< 2.1.0-4.15.1	2.1.0-4.15.1	Sep 3, 2018	An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
CVE-2018-14423		—	< 2.1.0-4.15.1	2.1.0-4.15.1	Jul 19, 2018	Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2017-17480	Cri	9.8	< 2.1.0-4.9.1	2.1.0-4.9.1	Dec 8, 2017	In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2017-17479	Cri	9.8	< 2.1.0-4.9.1	2.1.0-4.9.1	Dec 8, 2017	In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2015-1239	Med	6.5	< 2.1.0-4.9.1	2.1.0-4.9.1	Oct 18, 2017	Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.
CVE-2017-14164	Hig	8.8	< 2.1.0-4.6.1	2.1.0-4.6.1	Sep 6, 2017	A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possib
CVE-2017-14041	Hig	8.8	< 2.1.0-4.6.1	2.1.0-4.6.1	Aug 30, 2017	A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2017-14040	Hig	8.8	< 2.1.0-4.6.1	2.1.0-4.6.1	Aug 30, 2017	An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
CVE-2017-14039	Hig	8.8	< 2.1.0-4.6.1	2.1.0-4.6.1	Aug 30, 2017	A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVE-2016-10507	Med	6.5	< 2.1.0-4.6.1	2.1.0-4.6.1	Aug 30, 2017	Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.
CVE-2016-4797	Med	5.5	< 2.1.0-4.15.1	2.1.0-4.15.1	Feb 3, 2017	Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
CVE-2016-3183	Med	5.5	< 2.1.0-4.15.1	2.1.0-4.15.1	Feb 3, 2017	The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.

CVE-2022-1122Mar 29, 2022
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a se
CVE-2020-27823May 13, 2021
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-29338Apr 14, 2021
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
CVE-2020-15389Jun 29, 2020
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice
CVE-2020-8112Jan 28, 2020
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
CVE-2018-20846Jun 26, 2019
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-20845Jun 26, 2019
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-16376Sep 3, 2018
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVE-2018-16375Sep 3, 2018
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
CVE-2018-14423Jul 19, 2018
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2017-17480CriDec 8, 2017
affected < 2.1.0-4.9.1fixed 2.1.0-4.9.1
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2017-17479CriDec 8, 2017
affected < 2.1.0-4.9.1fixed 2.1.0-4.9.1
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2015-1239MedOct 18, 2017
affected < 2.1.0-4.9.1fixed 2.1.0-4.9.1
Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.
CVE-2017-14164HigSep 6, 2017
affected < 2.1.0-4.6.1fixed 2.1.0-4.6.1
A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possib
CVE-2017-14041HigAug 30, 2017
affected < 2.1.0-4.6.1fixed 2.1.0-4.6.1
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2017-14040HigAug 30, 2017
affected < 2.1.0-4.6.1fixed 2.1.0-4.6.1
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
CVE-2017-14039HigAug 30, 2017
affected < 2.1.0-4.6.1fixed 2.1.0-4.6.1
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVE-2016-10507MedAug 30, 2017
affected < 2.1.0-4.6.1fixed 2.1.0-4.6.1
Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.
CVE-2016-4797MedFeb 3, 2017
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
CVE-2016-3183MedFeb 3, 2017
affected < 2.1.0-4.15.1fixed 2.1.0-4.15.1
The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.

Page 1 of 2