Download
| Alert*
oval:org.secpod.oval:def:1802019
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. oval:org.secpod.oval:def:89003084 This update for ghostscript to 9.27 fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. - CVE-2019 ... oval:org.secpod.oval:def:506526 OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. The following packages have been upgraded to a later upstream version: openjpeg2 . Security Fix: * openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by th ... oval:org.secpod.oval:def:89050779 This update for ghostscript fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. - CVE-2019-12973: ... oval:org.secpod.oval:def:2105214 In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. oval:org.secpod.oval:def:4501293 OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. The following packages have been upgraded to a later upstream version: openjpeg2 . Security Fix: * openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by th ... oval:org.secpod.oval:def:1700805 Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service . An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openj ... oval:org.secpod.oval:def:1505271 [2.4.0-4] - Fix Covscan defect [2.4.0-3] - Fix CVE-2021-3575 - Fix resource leak identified by Covscan [2.4.0-2] - Fix CVE-2021-29338 [2.4.0-1] - Rebase to 2.4.0 - Resolves: CVE-2018-5727 - Resolves: CVE-2018-5785 - Resolves: CVE-2018-20845 - Resolves: CVE-2018-20847 - Resolves: CVE-2019-12973 ... oval:org.secpod.oval:def:2500303 OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. oval:org.secpod.oval:def:67105 openjpeg2: Open-source JPEG 2000 codec written in C language Several security issues were fixed in OpenJPEG. oval:org.secpod.oval:def:705617 openjpeg2: Open-source JPEG 2000 codec written in C language Several security issues were fixed in OpenJPEG. |