SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

OVAL

SUSE-SU-2022:3802-1 -- SLES openjpeg2, libopenjp2-7

ID: oval:org.secpod.oval:def:89047819	Date: (C)2022-10-28 (M)2023-12-20
Class: PATCH	Family: unix

This update for openjpeg2 fixes the following issues: - CVE-2018-20846: Fixed OOB read in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c . - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c . - CVE-2020-27814: Fixed heap buffer overflow in lib/openjp2/mqc.c , - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes . - CVE-2020-27841: Fixed buffer over-read in lib/openjp2/pi.c . - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c . - CVE-2020-27843: Fixed OOB read in opj_t2_encode_packet function in openjp2/t2.c . - CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c .

Platform:

SUSE Linux Enterprise Server 15

SUSE Linux Enterprise Desktop 15 SP4

SUSE Linux Enterprise Server 15 SP4

SUSE Linux Enterprise Desktop 15 SP3

SUSE Linux Enterprise Server 15 SP2

SUSE Linux Enterprise Server 15 SP3

SUSE Linux Enterprise Server 15 SP1

Product:

openjpeg2

libopenjp2-7

Reference: