libZXing1-1.2.0-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11686 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libZXing1-1.2.0-2.1 on GA media These are all security issues fixed in the libZXing1-1.2.0-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11686 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11686 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-28021/ SUSE CVE CVE-2021-28021 page https://www.suse.com/security/cve/CVE-2021-42715/ SUSE CVE CVE-2021-42715 page https://www.suse.com/security/cve/CVE-2021-42716/ SUSE CVE CVE-2021-42716 page openSUSE Tumbleweed libZXing1-1.2.0-2.1 libZXing1-32bit-1.2.0-2.1 zxing-cpp-devel-1.2.0-2.1 libZXing1-1.2.0-2.1 as a component of openSUSE Tumbleweed libZXing1-32bit-1.2.0-2.1 as a component of openSUSE Tumbleweed zxing-cpp-devel-1.2.0-2.1 as a component of openSUSE Tumbleweed Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. CVE-2021-28021 openSUSE Tumbleweed:libZXing1-1.2.0-2.1 openSUSE Tumbleweed:libZXing1-32bit-1.2.0-2.1 openSUSE Tumbleweed:zxing-cpp-devel-1.2.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-28021.html CVE-2021-28021 https://bugzilla.suse.com/1191743 SUSE Bug 1191743 An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files. CVE-2021-42715 openSUSE Tumbleweed:libZXing1-1.2.0-2.1 openSUSE Tumbleweed:libZXing1-32bit-1.2.0-2.1 openSUSE Tumbleweed:zxing-cpp-devel-1.2.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-42715.html CVE-2021-42715 https://bugzilla.suse.com/1191942 SUSE Bug 1191942 An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location. CVE-2021-42716 openSUSE Tumbleweed:libZXing1-1.2.0-2.1 openSUSE Tumbleweed:libZXing1-32bit-1.2.0-2.1 openSUSE Tumbleweed:zxing-cpp-devel-1.2.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-42716.html CVE-2021-42716 https://bugzilla.suse.com/1191944 SUSE Bug 1191944