libopenjp2-7-2.4.0-1.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11120 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libopenjp2-7-2.4.0-1.4 on GA media These are all security issues fixed in the libopenjp2-7-2.4.0-1.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11120 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11120 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-10504/ SUSE CVE CVE-2016-10504 page https://www.suse.com/security/cve/CVE-2016-10505/ SUSE CVE CVE-2016-10505 page https://www.suse.com/security/cve/CVE-2016-10506/ SUSE CVE CVE-2016-10506 page https://www.suse.com/security/cve/CVE-2016-5139/ SUSE CVE CVE-2016-5139 page https://www.suse.com/security/cve/CVE-2016-5152/ SUSE CVE CVE-2016-5152 page https://www.suse.com/security/cve/CVE-2016-5158/ SUSE CVE CVE-2016-5158 page https://www.suse.com/security/cve/CVE-2016-8332/ SUSE CVE CVE-2016-8332 page https://www.suse.com/security/cve/CVE-2017-12982/ SUSE CVE CVE-2017-12982 page https://www.suse.com/security/cve/CVE-2017-14039/ SUSE CVE CVE-2017-14039 page https://www.suse.com/security/cve/CVE-2017-14040/ SUSE CVE CVE-2017-14040 page https://www.suse.com/security/cve/CVE-2017-14041/ SUSE CVE CVE-2017-14041 page https://www.suse.com/security/cve/CVE-2017-14151/ SUSE CVE CVE-2017-14151 page https://www.suse.com/security/cve/CVE-2017-14152/ SUSE CVE CVE-2017-14152 page https://www.suse.com/security/cve/CVE-2018-14423/ SUSE CVE CVE-2018-14423 page https://www.suse.com/security/cve/CVE-2018-16375/ SUSE CVE CVE-2018-16375 page https://www.suse.com/security/cve/CVE-2018-18088/ SUSE CVE CVE-2018-18088 page https://www.suse.com/security/cve/CVE-2018-5727/ SUSE CVE CVE-2018-5727 page https://www.suse.com/security/cve/CVE-2018-5785/ SUSE CVE CVE-2018-5785 page https://www.suse.com/security/cve/CVE-2018-6616/ SUSE CVE CVE-2018-6616 page https://www.suse.com/security/cve/CVE-2018-7648/ SUSE CVE CVE-2018-7648 page https://www.suse.com/security/cve/CVE-2019-12973/ SUSE CVE CVE-2019-12973 page https://www.suse.com/security/cve/CVE-2020-6851/ SUSE CVE CVE-2020-6851 page https://www.suse.com/security/cve/CVE-2020-8112/ SUSE CVE CVE-2020-8112 page openSUSE Tumbleweed libopenjp2-7-2.4.0-1.4 libopenjp2-7-32bit-2.4.0-1.4 openjpeg2-2.4.0-1.4 openjpeg2-devel-2.4.0-1.4 openjpeg2-devel-doc-2.4.0-1.4 libopenjp2-7-2.4.0-1.4 as a component of openSUSE Tumbleweed libopenjp2-7-32bit-2.4.0-1.4 as a component of openSUSE Tumbleweed openjpeg2-2.4.0-1.4 as a component of openSUSE Tumbleweed openjpeg2-devel-2.4.0-1.4 as a component of openSUSE Tumbleweed openjpeg2-devel-doc-2.4.0-1.4 as a component of openSUSE Tumbleweed Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. CVE-2016-10504 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10504.html CVE-2016-10504 https://bugzilla.suse.com/1056351 SUSE Bug 1056351 https://bugzilla.suse.com/1179594 SUSE Bug 1179594 NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. CVE-2016-10505 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10505.html CVE-2016-10505 https://bugzilla.suse.com/1056363 SUSE Bug 1056363 Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. CVE-2016-10506 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10506.html CVE-2016-10506 https://bugzilla.suse.com/1056396 SUSE Bug 1056396 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. CVE-2016-5139 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5139.html CVE-2016-5139 https://bugzilla.suse.com/992305 SUSE Bug 992305 https://bugzilla.suse.com/992311 SUSE Bug 992311 https://bugzilla.suse.com/992325 SUSE Bug 992325 Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. CVE-2016-5152 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5152.html CVE-2016-5152 https://bugzilla.suse.com/996648 SUSE Bug 996648 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. CVE-2016-5158 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5158.html CVE-2016-5158 https://bugzilla.suse.com/996648 SUSE Bug 996648 A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector. CVE-2016-8332 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8332.html CVE-2016-8332 https://bugzilla.suse.com/1002414 SUSE Bug 1002414 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. CVE-2017-12982 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12982.html CVE-2017-12982 https://bugzilla.suse.com/1054696 SUSE Bug 1054696 A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. CVE-2017-14039 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14039.html CVE-2017-14039 https://bugzilla.suse.com/1056622 SUSE Bug 1056622 https://bugzilla.suse.com/1057511 SUSE Bug 1057511 An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. CVE-2017-14040 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14040.html CVE-2017-14040 https://bugzilla.suse.com/1056621 SUSE Bug 1056621 A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. CVE-2017-14041 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14041.html CVE-2017-14041 https://bugzilla.suse.com/1056562 SUSE Bug 1056562 An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution. CVE-2017-14151 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14151.html CVE-2017-14151 https://bugzilla.suse.com/1057336 SUSE Bug 1057336 A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. CVE-2017-14152 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14152.html CVE-2017-14152 https://bugzilla.suse.com/1057335 SUSE Bug 1057335 https://bugzilla.suse.com/1057511 SUSE Bug 1057511 Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). CVE-2018-14423 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14423.html CVE-2018-14423 https://bugzilla.suse.com/1102016 SUSE Bug 1102016 https://bugzilla.suse.com/1140130 SUSE Bug 1140130 An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. CVE-2018-16375 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16375.html CVE-2018-16375 https://bugzilla.suse.com/1106882 SUSE Bug 1106882 OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c CVE-2018-18088 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18088.html CVE-2018-18088 https://bugzilla.suse.com/1111638 SUSE Bug 1111638 In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. CVE-2018-5727 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5727.html CVE-2018-5727 https://bugzilla.suse.com/1076314 SUSE Bug 1076314 In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. CVE-2018-5785 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5785.html CVE-2018-5785 https://bugzilla.suse.com/1076967 SUSE Bug 1076967 In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. CVE-2018-6616 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6616.html CVE-2018-6616 https://bugzilla.suse.com/1079845 SUSE Bug 1079845 https://bugzilla.suse.com/1140359 SUSE Bug 1140359 An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. CVE-2018-7648 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7648.html CVE-2018-7648 https://bugzilla.suse.com/1083901 SUSE Bug 1083901 In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. CVE-2019-12973 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12973.html CVE-2019-12973 https://bugzilla.suse.com/1140359 SUSE Bug 1140359 OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. CVE-2020-6851 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6851.html CVE-2020-6851 https://bugzilla.suse.com/1160782 SUSE Bug 1160782 https://bugzilla.suse.com/1162090 SUSE Bug 1162090 opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. CVE-2020-8112 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-8112.html CVE-2020-8112 https://bugzilla.suse.com/1162090 SUSE Bug 1162090