SB2022040723 - SUSE update for openjpeg2
Published: April 7, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2016-1924)
The vulnerability allows a remote attacker to perform a denial-of-service attack.
The vulnerability exists due to a boundary error in the opj_tgt_reset function. A remote attacker can create a specially crafted JPEG 2000 image, trick the victim into opening it, trigger memory corruption and perform a denial-of-service attack.
2) Out-of-bounds read (CVE-ID: CVE-2016-3183)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the sycc422_t_rgb() function in common/color.c. A remote attacker can create a specially crafted JPEG 2000 image, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
3) Input validation error (CVE-ID: CVE-2016-4797)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via a crafted jp2 file.
4) Divide-by-zero (CVE-ID: CVE-2018-14423)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to multiple division-by-zero conditions that exist in the pi_next_pcrl, pi_next_cprl, and pi_next_rpcl functions, as defined in the lib/openjp3d/pi.c source code file. A remote attacker can trick the victim into opening a specially crafted file with an application that uses the affected library and cause the affected application to crash.
5) Buffer overflow (CVE-ID: CVE-2018-16375)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
6) Out-of-bounds write (CVE-ID: CVE-2018-16376)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
7) Division by zero (CVE-ID: CVE-2018-20845)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error in the functions pi_next_pcrl(), pi_next_cprl(), and pi_next_rpcl() in openmj2/pi.c. A remote attacker can create a specially crafted file, trick the victim into opening it and cause a denial of service.
8) Input validation error (CVE-ID: CVE-2018-20846)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the functions pi_next_lrcp(), pi_next_rlcp(), pi_next_rpcl(), pi_next_pcrl(), pi_next_rpcl(), and pi_next_cprl() in openmj2/pi.c. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.
9) Use-after-free (CVE-ID: CVE-2020-15389)
The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
10) Heap-based buffer overflow (CVE-ID: CVE-2020-27823)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing PNG images in pngtoimage() function in bin/jp2/convertpng.c. A remote attacker can pass specially crafted file to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Heap-based buffer overflow (CVE-ID: CVE-2020-8112)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the the qmfbid==1 case, a different issue than CVE-2020-6851. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Integer overflow (CVE-ID: CVE-2021-29338)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow when using the command line option "-ImgDir" on a directory that contains 1048576 files. A remote attacker can pass specially crafted data to the application, trigger integer overflow and perform a denial of service attack.
13) Access of Uninitialized Pointer (CVE-ID: CVE-2022-1122)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an invalid pointer initialization in the opj2_decompress program. A remote attacker can gain unauthorized access to sensitive information and perform a denial of service attack.
Remediation
Install update from vendor's website.