{"id":"MGASA-2016-0426","summary":"Updated openjpeg2 packages fix security vulnerabilities","details":"A NULL pointer dereference flaw was found in the way openjpeg decoded\ncertain input images. Due to a logic error in the code responsible for\ndecoding the input image, an application using openjpeg to process image\ndata could crash when processing a crafted image (CVE-2016-9572).\n\nA heap buffer overflow flaw was found in the way openjpeg decompressed\ncertain input images. Due to an insufficient check in the imagetopnm()\nfunction, an application using openjpeg to process image data could\ncrash when processing a crafted image (CVE-2016-9573).\n\nAn integer overflow vulnerability was found in tiftoimage function\nresulting into heap buffer overflow (CVE-2016-9580).\n\nAn infinite loop vulnerability in tiftoimage that results into heap\nbuffer overflow in convert_32s_C1P1 was found (CVE-2016-9581)\n","modified":"2026-04-16T06:24:31.835116452Z","published":"2016-12-29T10:29:11Z","upstream":["CVE-2016-9572","CVE-2016-9573","CVE-2016-9580","CVE-2016-9581"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0426.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19921"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G3C7U32IFCUOTSYNRT6QD5AFHWZ2ELHE/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FBFRC3OO5376WRT5PO5VE2JL6UB3NBO7/"}],"affected":[{"package":{"name":"openjpeg2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openjpeg2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.2-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0426.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}