OPENSUSE-SU-2017:2686-1

Advisory lineage Upstream: 5 Downstream: 0
Published: 10 Oct 2017, 07:16
Last modified:04 Feb 2026, 03:16

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

10 Oct 2017, 07:16
Published
Vulnerability first disclosed
04 Feb 2026, 03:16
Last Modified
Vulnerability information updated

Description

Security update for openjpeg2 This update for openjpeg2 fixes several issues. These security issues were fixed: - CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file (bsc#1056421). - CVE-2017-14039: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly unspecified other impact (bsc#1056622). - CVE-2017-14164: A size-validation issue was discovered in opj_j2k_write_sot. The vulnerability caused an out-of-bounds write, which may have lead to remote DoS or possibly remote code execution (bsc#1057511). - CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert.c, triggering a crash in the tgatoimage function. The vulnerability may have lead to remote denial of service or possibly unspecified other impact (bsc#1056621). - CVE-2017-14041: A stack-based buffer overflow was discovered in the pgxtoimage function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly remote code execution (bsc#1056562). This update was imported from the SUSE:SLE-12-SP2:Update update project.

Affected Systems

  • suseopenjpeg2&distro=SUSE Package Hub 12

    < 2.1.0-9.1

  • suseopenjpeg2&distro=SUSE Package Hub 12 SP1

    < 2.1.0-9.1

References (10)