Recommended update for openjpeg SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2568-1 Final 1 1 2017-09-25T21:35:07Z current 2017-09-25T21:35:07Z 2017-09-25T21:35:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for openjpeg This update for openjpeg fixes the following vulnerability: * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash (bsc#999817) The following bug was also fixed: - Programs linked with libopenjpeg1 would expose non-standard math behavior due to usage of -ffast-math in openjpeg (boo#1029609, boo#1059440)</description> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2017-1091 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1029609 SUSE Bug 1029609 https://bugzilla.suse.com/1059440 SUSE Bug 1059440 https://bugzilla.suse.com/999817 SUSE Bug 999817 https://www.suse.com/security/cve/CVE-2016-7445/ SUSE CVE CVE-2016-7445 page SUSE Package Hub 12 SP1 libopenjpeg1-1.5.2-6.1 openjpeg-1.5.2-6.1 openjpeg-devel-1.5.2-6.1 libopenjpeg1-1.5.2-6.1 as a component of SUSE Package Hub 12 SP1 openjpeg-1.5.2-6.1 as a component of SUSE Package Hub 12 SP1 openjpeg-devel-1.5.2-6.1 as a component of SUSE Package Hub 12 SP1 convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. CVE-2016-7445 SUSE Package Hub 12 SP1:libopenjpeg1-1.5.2-6.1 SUSE Package Hub 12 SP1:openjpeg-1.5.2-6.1 SUSE Package Hub 12 SP1:openjpeg-devel-1.5.2-6.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7445.html CVE-2016-7445 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 https://bugzilla.suse.com/999817 SUSE Bug 999817