DSA-4405-1 openjpeg2 -- openjpeg2ID: oval:org.secpod.oval:def:53532 | Date: (C)2019-04-22 (M)2024-01-02 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution. CVE-2017-17480 Write stack buffer overflow in the jp3d and jpwl codecs can result in a denial of service or remote code execution via a crafted jp3d or jpwl file. CVE-2018-5785 Integer overflow can result in a denial of service via a crafted bmp file. CVE-2018-6616 Excessive iteration can result in a denial of service via a crafted bmp file. CVE-2018-14423 Division-by-zero vulnerabilities can result in a denial of service via a crafted j2k file. CVE-2018-18088 Null pointer dereference can result in a denial of service via a crafted bmp file.