{"id":"MGASA-2017-0481","summary":"Updated openjpeg2 packages fix security vulnerability","details":"A heap-based buffer overflow was discovered in the opj_t2_encode_packet\nfunction. The vulnerability caused an out-of-bounds write, which may have\nlead to remote denial of service or possibly unspecified other impact\n(CVE-2017-14039).\n\nAn invalid write access was discovered in bin/jp2/convert.c, triggering a\ncrash in the tgatoimage function. The vulnerability may have lead to\nremote denial of service or possibly unspecified other impact\n(CVE-2017-14040).\n\nA stack-based buffer overflow was discovered in the pgxtoimage function.\nThe vulnerability caused an out-of-bounds write, which may have lead to\nremote denial of service or possibly remote code execution\n(CVE-2017-14041).\n\nA size-validation issue was discovered in opj_j2k_write_sot. The\nvulnerability caused an out-of-bounds write, which may have lead to remote\nDoS or possibly remote code execution (CVE-2017-14164).\n","modified":"2026-04-16T06:25:14.792879854Z","published":"2017-12-31T15:14:43Z","upstream":["CVE-2017-14039","CVE-2017-14040","CVE-2017-14041","CVE-2017-14164"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0481.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21627"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-10/msg00032.html"}],"affected":[{"package":{"name":"openjpeg2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openjpeg2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0-1.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0481.json"}},{"package":{"name":"openjpeg2","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/openjpeg2?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0-1.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0481.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}