openSUSE Security Update : openjpeg2 (openSUSE-2017-101)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for openjpeg2 fixes the following issues :

- CVE-2016-9114: NULL pointer Access in function
imagetopnm of convert.c:1943(jp2) could lead to crash

- CVE-2016-9115: Heap Buffer Overflow in function
imagetotga of convert.c(jp2) [bsc#1007741]

- CVE-2016-9580, CVE-2016-9581: Possible Heap buffer
overflow via integer overflow and infite loop

- CVE-2016-9117: NULL pointer Access in function
imagetopnm of convert.c(jp2):1289 [bsc#1007743]

- CVE-2016-9118: Heap Buffer Overflow in function
pnmtoimage of convert.c [bsc#1007744]

- CVE-2016-9112: FPE(Floating Point Exception) in
lib/openjp2/pi.c:523 [bsc#1007747]

- CVE-2016-9116: NULL pointer Access in function
imagetopnm of convert.c:2226(jp2) [bsc#1007742]

- CVE-2016-9113: NULL point dereference in function
imagetobmp of convertbmp.c could lead to crash

- CVE-2016-9572 CVE-2016-9573: Insuficient check in
imagetopnm() could lead to heap buffer overflow

- CVE-2016-8332: Malicious file in OpenJPEG JPEG2000
format could lead to code execution [bsc#1002414]

- CVE-2016-7445: NULL pointer dereference in convert.c
could lead to crash [bsc#999817]

This update was imported from the SUSE:SLE-12-SP2:Update update

See also :

Solution :

Update the affected openjpeg2 packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now