libopenjpeg1-1.5.2-4.7 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10227 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libopenjpeg1-1.5.2-4.7 on GA media These are all security issues fixed in the libopenjpeg1-1.5.2-4.7 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10227 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10227 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-5030/ SUSE CVE CVE-2009-5030 page https://www.suse.com/security/cve/CVE-2012-3358/ SUSE CVE CVE-2012-3358 page https://www.suse.com/security/cve/CVE-2012-3535/ SUSE CVE CVE-2012-3535 page https://www.suse.com/security/cve/CVE-2013-1447/ SUSE CVE CVE-2013-1447 page https://www.suse.com/security/cve/CVE-2013-4289/ SUSE CVE CVE-2013-4289 page https://www.suse.com/security/cve/CVE-2013-4290/ SUSE CVE CVE-2013-4290 page https://www.suse.com/security/cve/CVE-2013-6045/ SUSE CVE CVE-2013-6045 page https://www.suse.com/security/cve/CVE-2013-6052/ SUSE CVE CVE-2013-6052 page https://www.suse.com/security/cve/CVE-2013-6053/ SUSE CVE CVE-2013-6053 page https://www.suse.com/security/cve/CVE-2013-6054/ SUSE CVE CVE-2013-6054 page https://www.suse.com/security/cve/CVE-2013-6887/ SUSE CVE CVE-2013-6887 page openSUSE Tumbleweed libopenjpeg1-1.5.2-4.7 libopenjpeg1-32bit-1.5.2-4.7 openjpeg-1.5.2-4.7 openjpeg-devel-1.5.2-4.7 openjpeg-devel-32bit-1.5.2-4.7 libopenjpeg1-1.5.2-4.7 as a component of openSUSE Tumbleweed libopenjpeg1-32bit-1.5.2-4.7 as a component of openSUSE Tumbleweed openjpeg-1.5.2-4.7 as a component of openSUSE Tumbleweed openjpeg-devel-1.5.2-4.7 as a component of openSUSE Tumbleweed openjpeg-devel-32bit-1.5.2-4.7 as a component of openSUSE Tumbleweed The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free." CVE-2009-5030 openSUSE Tumbleweed:libopenjpeg1-1.5.2-4.7 openSUSE Tumbleweed:libopenjpeg1-32bit-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-32bit-1.5.2-4.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-5030.html CVE-2009-5030 https://bugzilla.suse.com/757260 SUSE Bug 757260 Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file. CVE-2012-3358 openSUSE Tumbleweed:libopenjpeg1-1.5.2-4.7 openSUSE Tumbleweed:libopenjpeg1-32bit-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-32bit-1.5.2-4.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3358.html CVE-2012-3358 https://bugzilla.suse.com/770649 SUSE Bug 770649 Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file. CVE-2012-3535 openSUSE Tumbleweed:libopenjpeg1-1.5.2-4.7 openSUSE Tumbleweed:libopenjpeg1-32bit-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-32bit-1.5.2-4.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3535.html CVE-2012-3535 https://bugzilla.suse.com/777445 SUSE Bug 777445 OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors. CVE-2013-1447 openSUSE Tumbleweed:libopenjpeg1-1.5.2-4.7 openSUSE Tumbleweed:libopenjpeg1-32bit-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-32bit-1.5.2-4.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1447.html CVE-2013-1447 https://bugzilla.suse.com/853644 SUSE Bug 853644 https://bugzilla.suse.com/853834 SUSE Bug 853834 https://bugzilla.suse.com/871412 SUSE Bug 871412 Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow. CVE-2013-4289 openSUSE Tumbleweed:libopenjpeg1-1.5.2-4.7 openSUSE Tumbleweed:libopenjpeg1-32bit-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-32bit-1.5.2-4.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4289.html CVE-2013-4289 https://bugzilla.suse.com/839879 SUSE Bug 839879 Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c. CVE-2013-4290 openSUSE Tumbleweed:libopenjpeg1-1.5.2-4.7 openSUSE Tumbleweed:libopenjpeg1-32bit-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-32bit-1.5.2-4.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4290.html CVE-2013-4290 https://bugzilla.suse.com/839879 SUSE Bug 839879 Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors. CVE-2013-6045 openSUSE Tumbleweed:libopenjpeg1-1.5.2-4.7 openSUSE Tumbleweed:libopenjpeg1-32bit-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-32bit-1.5.2-4.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6045.html CVE-2013-6045 https://bugzilla.suse.com/1012822 SUSE Bug 1012822 https://bugzilla.suse.com/853644 SUSE Bug 853644 https://bugzilla.suse.com/853838 SUSE Bug 853838 OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. CVE-2013-6052 openSUSE Tumbleweed:libopenjpeg1-1.5.2-4.7 openSUSE Tumbleweed:libopenjpeg1-32bit-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-32bit-1.5.2-4.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6052.html CVE-2013-6052 https://bugzilla.suse.com/853644 SUSE Bug 853644 OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. CVE-2013-6053 openSUSE Tumbleweed:libopenjpeg1-1.5.2-4.7 openSUSE Tumbleweed:libopenjpeg1-32bit-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-32bit-1.5.2-4.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6053.html CVE-2013-6053 https://bugzilla.suse.com/853644 SUSE Bug 853644 Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045. CVE-2013-6054 openSUSE Tumbleweed:libopenjpeg1-1.5.2-4.7 openSUSE Tumbleweed:libopenjpeg1-32bit-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-32bit-1.5.2-4.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6054.html CVE-2013-6054 https://bugzilla.suse.com/853644 SUSE Bug 853644 OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. CVE-2013-6887 openSUSE Tumbleweed:libopenjpeg1-1.5.2-4.7 openSUSE Tumbleweed:libopenjpeg1-32bit-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-1.5.2-4.7 openSUSE Tumbleweed:openjpeg-devel-32bit-1.5.2-4.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6887.html CVE-2013-6887 https://bugzilla.suse.com/853644 SUSE Bug 853644