SUSE-SU-2018:1364-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 22 May 2018, 07:49
Last modified:04 Feb 2026, 02:40
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
22 May 2018, 07:49
Published
Vulnerability first disclosed
04 Feb 2026, 02:40
Last Modified
Vulnerability information updated
Description
Security update for openjpeg2 This update for openjpeg2 fixes the following security issues: - CVE-2015-1239: A double free vulnerability in the j2k_read_ppm_v3 function allowed remote attackers to cause a denial of service (crash) (bsc#1066713) - CVE-2017-17479: A stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c could crash the converter. (bsc#1072125) - CVE-2017-17480: A stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c could crash the converter. (bsc#1072124)
Affected Systems
- suse•openjpeg2&distro=SUSE Linux Enterprise Desktop 12 SP3
< 2.1.0-4.9.1
- suse•openjpeg2&distro=SUSE Linux Enterprise Server 12 SP3
< 2.1.0-4.9.1
- suse•openjpeg2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
< 2.1.0-4.9.1
References (7)
- https://www.suse.com/support/update/announcement/2018/suse-su-20181364-1/
- https://bugzilla.suse.com/1066713
- https://bugzilla.suse.com/1072124
- https://bugzilla.suse.com/1072125
- https://www.suse.com/security/cve/CVE-2015-1239
- https://www.suse.com/security/cve/CVE-2017-17479
- https://www.suse.com/security/cve/CVE-2017-17480