openSUSE Security Update : openjpeg2 (openSUSE-2017-120)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for openjpeg2 fixes the following issues :

- CVE-2016-9572, CVE-2016-9573: Insufficient check in
imagetopnm() could lead to heap buffer overflow
[bsc#1014543]

- CVE-2016-9580, CVE-2016-9581: Possible heap buffer
overflow via integer overflow and infinite loop
[bsc#1014975]

- CVE-2016-7445: NULL pointer dereference in convert.c
could lead to crash [bsc#999817]

- CVE-2016-8332: Malicious file in OpenJPEG JPEG2000
format could lead to code execution [bsc#1002414]

- CVE-2016-9112: FPE (Floating Point Exception) in
lib/openjp2/pi.c:523 [bsc#1007747]

- CVE-2016-9113: NULL pointer dereference in function
imagetobmp of convertbmp.c could lead to crash
[bsc#1007739]

- CVE-2016-9114: NULL pointer Access in function
imagetopnm of convert.c:1943(jp2) could lead to crash
[bsc#1007740]

- CVE-2016-9115: Heap Buffer Overflow in function
imagetotga of convert.c(jp2) [bsc#1007741]

- CVE-2016-9116: NULL pointer Access in function
imagetopnm of convert.c:2226(jp2) [bsc#1007742]

- CVE-2016-9117: NULL pointer Access in function
imagetopnm of convert.c(jp2):1289 [bsc#1007743]

- CVE-2016-9118: Heap Buffer Overflow in function
pnmtoimage of convert.c [bsc#1007744]

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1002414
https://bugzilla.opensuse.org/show_bug.cgi?id=1007739
https://bugzilla.opensuse.org/show_bug.cgi?id=1007740
https://bugzilla.opensuse.org/show_bug.cgi?id=1007741
https://bugzilla.opensuse.org/show_bug.cgi?id=1007742
https://bugzilla.opensuse.org/show_bug.cgi?id=1007743
https://bugzilla.opensuse.org/show_bug.cgi?id=1007744
https://bugzilla.opensuse.org/show_bug.cgi?id=1007747
https://bugzilla.opensuse.org/show_bug.cgi?id=1014543
https://bugzilla.opensuse.org/show_bug.cgi?id=1014975
https://bugzilla.opensuse.org/show_bug.cgi?id=999817

Solution :

Update the affected openjpeg2 packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
