{"id":"MGASA-2019-0004","summary":"Updated openjpeg2 packages fix security vulnerabilities","details":"A stack-based buffer overflow in the pgxtoimage function in\njpwl/convert.c could crash the converter (CVE-2017-17479).\n\nA stack-based buffer overflow in the pgxtovolume function in\njp3d/convert.c could crash the converter (CVE-2017-17480).\n\nA flaw was found in OpenJPEG 2.3.0, there is an integer overflow caused\nby an out-of-bounds left shift in the opj_j2k_setup_encoder function\n(openjp2/j2k.c). Remote attackers could leverage this vulnerability to\ncause a denial of service via a crafted bmp file (CVE-2018-5785).\n\nIn OpenJPEG 2.3.0, there is excessive iteration in the\nopj_t1_encode_cblks function of openjp2/t1.c. Attackers could leverage\nthis vulnerability to cause a denial of service via a crafted bmp file\n(CVE-2018-6616).\n\nA flaw was found in OpenJPEG 2.3.0. A NULL pointer dereference for \"red\"\nin the imagetopnm function of jp2/convert.c (CVE-2018-18088).\n","modified":"2026-04-16T01:45:14.660228341Z","published":"2019-01-05T18:30:16Z","upstream":["CVE-2017-17479","CVE-2017-17480","CVE-2018-18088","CVE-2018-5785","CVE-2018-6616"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0004.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23147"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-05/msg00086.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HKAGXKPJ2Z4TMUR3TVLTQ7SMTTIYGJKK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JAZ5ZQP5XJ23SE3ECBP4QQF2CGMK6USD/"}],"affected":[{"package":{"name":"openjpeg2","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/openjpeg2?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0-1.3.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0004.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}