{"id":"MGASA-2017-0051","summary":"Updated openjpeg2 packages fix security vulnerabilities","details":"Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl\nfunction in openjp2/pi.c:523 in OpenJPEG 2.1.2. (CVE-2016-9112)\n\nThere is a NULL pointer dereference in function imagetobmp of\nconvertbmp.c:980 of OpenJPEG 2.1.2. image-\u003ecomps[0].data is not assigned\na value after initialization(NULL). Impact is Denial of Service.\n(CVE-2016-9113)\n\nThere is a NULL Pointer Access in function imagetopnm of\nconvert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u003ecomps[compno].data is not\nassigned a value after initialization(NULL). Impact is Denial of \nService. (CVE-2016-9114)\n\nHeap Buffer Over-read in function imagetotga of convert.c(jp2):942 in\nOpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted\nj2k file. (CVE-2016-9115)\n\nNULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in\nOpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted\nj2k file. (CVE-2016-9116)\n\nNULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in\nOpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted\nj2k file. (CVE-2016-9117)\n\nHeap Buffer Overflow (WRITE of size 4) in function pnmtoimage of\nconvert.c:1719 in OpenJPEG 2.1.2. (CVE-2016-9118)\n","modified":"2026-01-31T21:13:43.042808Z","published":"2017-02-18T21:50:00Z","related":["CVE-2016-9112","CVE-2016-9113","CVE-2016-9114","CVE-2016-9115","CVE-2016-9116","CVE-2016-9117","CVE-2016-9118"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0051.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20038"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00095.html"}],"affected":[{"package":{"name":"openjpeg2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openjpeg2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.2-1.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0051.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}