DSA-4405-1 openjpeg2 -- openjpeg2ID: oval:org.secpod.oval:def:603821 | Date: (C)2019-04-22 (M)2024-01-02 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution. CVE-2017-17480 Write stack buffer overflow in the jp3d and jpwl codecs can result in a denial of service or remote code execution via a crafted jp3d or jpwl file. CVE-2018-5785 Integer overflow can result in a denial of service via a crafted bmp file. CVE-2018-6616 Excessive iteration can result in a denial of service via a crafted bmp file. CVE-2018-14423 Division-by-zero vulnerabilities can result in a denial of service via a crafted j2k file. CVE-2018-18088 Null pointer dereference can result in a denial of service via a crafted bmp file.
Product: |
libopenjpip7 |
libopenjp2-tools |
libopenjp3d-tools |
libopenjp2-7 |
libopenjpip-viewer |
libopenjp3d7 |
libopenjpip-server |
libopenjpip-dec-server |