cvelistv5 - CVE-2016-9572

CVE-2016-9572 (GCVE-0-2016-9572)

Vulnerability from cvelistv5

Published

2018-08-01 16:00

Modified

2024-08-06 02:50

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476

Summary

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.

References

►

URL

	Vendor	Product	Version
	The OpenJPEG Project	openjpeg	Version: 2.1.2

opensuse-su-2017:2567-1

Vulnerability from csaf_opensuse

Published

2017-09-25 21:34

Modified

2017-09-25 21:34

Summary

Security update for openjpeg2

Notes

Title of the patch

Security update for openjpeg2

Description of the patch

This update for openjpeg2 fixes the following issues: * CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] * CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] * CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] * CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] * CVE 2016-7163: Integer Overflow could lead to remote code execution [bsc#997857] * CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service [bsc#979907] This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patchnames

openSUSE-2017-1090

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openjpeg2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openjpeg2 fixes the following issues:\n\n* CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n* CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] \n* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] \n* CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n* CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] \n* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format  could lead to code execution [bsc#1002414] \n* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] \n* CVE 2016-7163: Integer Overflow could lead to remote code execution [bsc#997857]\n* CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service [bsc#979907]\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2017-1090",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_2567-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2017:2567-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M/#AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2017:2567-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M/#AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1002414",
        "url": "https://bugzilla.suse.com/1002414"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007739",
        "url": "https://bugzilla.suse.com/1007739"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007740",
        "url": "https://bugzilla.suse.com/1007740"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007741",
        "url": "https://bugzilla.suse.com/1007741"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007742",
        "url": "https://bugzilla.suse.com/1007742"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007743",
        "url": "https://bugzilla.suse.com/1007743"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007744",
        "url": "https://bugzilla.suse.com/1007744"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007747",
        "url": "https://bugzilla.suse.com/1007747"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1014543",
        "url": "https://bugzilla.suse.com/1014543"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1014975",
        "url": "https://bugzilla.suse.com/1014975"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 979907",
        "url": "https://bugzilla.suse.com/979907"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 997857",
        "url": "https://bugzilla.suse.com/997857"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 999817",
        "url": "https://bugzilla.suse.com/999817"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8871 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8871/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7163 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7163/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7445 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7445/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8332 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8332/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9112 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9112/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9113 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9113/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9114 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9114/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9115 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9115/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9116 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9116/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9117 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9117/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9118 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9118/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9572 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9573 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9580 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9580/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9581 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9581/"
      }
    ],
    "title": "Security update for openjpeg2",
    "tracking": {
      "current_release_date": "2017-09-25T21:34:20Z",
      "generator": {
        "date": "2017-09-25T21:34:20Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2017:2567-1",
      "initial_release_date": "2017-09-25T21:34:20Z",
      "revision_history": [
        {
          "date": "2017-09-25T21:34:20Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-6.1.aarch64",
                "product": {
                  "name": "libopenjp2-7-2.1.0-6.1.aarch64",
                  "product_id": "libopenjp2-7-2.1.0-6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-6.1.aarch64",
                "product": {
                  "name": "openjpeg2-2.1.0-6.1.aarch64",
                  "product_id": "openjpeg2-2.1.0-6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-6.1.aarch64",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-6.1.aarch64",
                  "product_id": "openjpeg2-devel-2.1.0-6.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-6.1.ppc64le",
                "product": {
                  "name": "libopenjp2-7-2.1.0-6.1.ppc64le",
                  "product_id": "libopenjp2-7-2.1.0-6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-6.1.ppc64le",
                "product": {
                  "name": "openjpeg2-2.1.0-6.1.ppc64le",
                  "product_id": "openjpeg2-2.1.0-6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-6.1.ppc64le",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-6.1.ppc64le",
                  "product_id": "openjpeg2-devel-2.1.0-6.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-6.1.s390x",
                "product": {
                  "name": "libopenjp2-7-2.1.0-6.1.s390x",
                  "product_id": "libopenjp2-7-2.1.0-6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-6.1.s390x",
                "product": {
                  "name": "openjpeg2-2.1.0-6.1.s390x",
                  "product_id": "openjpeg2-2.1.0-6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-6.1.s390x",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-6.1.s390x",
                  "product_id": "openjpeg2-devel-2.1.0-6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-6.1.x86_64",
                "product": {
                  "name": "libopenjp2-7-2.1.0-6.1.x86_64",
                  "product_id": "libopenjp2-7-2.1.0-6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-6.1.x86_64",
                "product": {
                  "name": "openjpeg2-2.1.0-6.1.x86_64",
                  "product_id": "openjpeg2-2.1.0-6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-6.1.x86_64",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-6.1.x86_64",
                  "product_id": "openjpeg2-devel-2.1.0-6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 12",
                "product": {
                  "name": "SUSE Package Hub 12",
                  "product_id": "SUSE Package Hub 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Package Hub 12 SP1",
                "product": {
                  "name": "SUSE Package Hub 12 SP1",
                  "product_id": "SUSE Package Hub 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8871",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8871"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8871",
          "url": "https://www.suse.com/security/cve/CVE-2015-8871"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2015-8871",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2015-8871",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 979907 for CVE-2015-8871",
          "url": "https://bugzilla.suse.com/979907"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8871"
    },
    {
      "cve": "CVE-2016-7163",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7163"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7163",
          "url": "https://www.suse.com/security/cve/CVE-2016-7163"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-7163",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-7163",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 997857 for CVE-2016-7163",
          "url": "https://bugzilla.suse.com/997857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2016-7163"
    },
    {
      "cve": "CVE-2016-7445",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7445"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7445",
          "url": "https://www.suse.com/security/cve/CVE-2016-7445"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/1015662"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 999817 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/999817"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-7445"
    },
    {
      "cve": "CVE-2016-8332",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8332"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8332",
          "url": "https://www.suse.com/security/cve/CVE-2016-8332"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1002414 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1002414"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-8332"
    },
    {
      "cve": "CVE-2016-9112",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9112"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9112",
          "url": "https://www.suse.com/security/cve/CVE-2016-9112"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1015662"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1056396 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1056396"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9112"
    },
    {
      "cve": "CVE-2016-9113",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9113"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u003ecomps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9113",
          "url": "https://www.suse.com/security/cve/CVE-2016-9113"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9113"
    },
    {
      "cve": "CVE-2016-9114",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9114"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u003ecomps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9114",
          "url": "https://www.suse.com/security/cve/CVE-2016-9114"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007740 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007740"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9114"
    },
    {
      "cve": "CVE-2016-9115",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9115"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9115",
          "url": "https://www.suse.com/security/cve/CVE-2016-9115"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007741 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9115"
    },
    {
      "cve": "CVE-2016-9116",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9116"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9116",
          "url": "https://www.suse.com/security/cve/CVE-2016-9116"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007742 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007742"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9116"
    },
    {
      "cve": "CVE-2016-9117",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9117"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9117",
          "url": "https://www.suse.com/security/cve/CVE-2016-9117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007743 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9117"
    },
    {
      "cve": "CVE-2016-9118",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9118"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9118",
          "url": "https://www.suse.com/security/cve/CVE-2016-9118"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9118"
    },
    {
      "cve": "CVE-2016-9572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9572",
          "url": "https://www.suse.com/security/cve/CVE-2016-9572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014543 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1014543"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9572"
    },
    {
      "cve": "CVE-2016-9573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9573",
          "url": "https://www.suse.com/security/cve/CVE-2016-9573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014543 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1014543"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9573"
    },
    {
      "cve": "CVE-2016-9580",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9580"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9580",
          "url": "https://www.suse.com/security/cve/CVE-2016-9580"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014975 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1014975"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9580"
    },
    {
      "cve": "CVE-2016-9581",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9581"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9581",
          "url": "https://www.suse.com/security/cve/CVE-2016-9581"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014975 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1014975"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9581"
    }
  ]
}

ghsa-3fxp-m3gr-pfvm

Vulnerability from github

Published

2022-05-13 01:16

Modified

2022-05-13 01:16

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-01T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
  "id": "GHSA-3fxp-m3gr-pfvm",
  "modified": "2022-05-13T01:16:23Z",
  "published": "2022-05-13T01:16:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9572"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uclouvain/openjpeg/issues/863"
    },
    {
      "type": "WEB",
      "url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201710-26"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3768"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/109233"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2016-9572

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-9572

Aliases

CVE-2016-9572

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9572",
    "description": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
    "id": "GSD-2016-9572",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-9572.html",
      "https://www.debian.org/security/2017/dsa-3768",
      "https://advisories.mageia.org/CVE-2016-9572.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9572"
      ],
      "details": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
      "id": "GSD-2016-9572",
      "modified": "2023-12-13T01:21:21.323849Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2016-9572",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "openjpeg",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "2.1.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "The OpenJPEG Project"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-476",
                "lang": "eng",
                "value": "CWE-476"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/109233",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/109233"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
          },
          {
            "name": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "refsource": "MISC",
            "url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
          },
          {
            "name": "https://github.com/uclouvain/openjpeg/issues/863",
            "refsource": "MISC",
            "url": "https://github.com/uclouvain/openjpeg/issues/863"
          },
          {
            "name": "https://security.gentoo.org/glsa/201710-26",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/201710-26"
          },
          {
            "name": "https://www.debian.org/security/2017/dsa-3768",
            "refsource": "MISC",
            "url": "https://www.debian.org/security/2017/dsa-3768"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-9572"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
            },
            {
              "name": "https://github.com/uclouvain/openjpeg/issues/863",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/uclouvain/openjpeg/issues/863"
            },
            {
              "name": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
            },
            {
              "name": "DSA-3768",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3768"
            },
            {
              "name": "GLSA-201710-26",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201710-26"
            },
            {
              "name": "109233",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/109233"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-12T23:27Z",
      "publishedDate": "2018-08-01T16:29Z"
    }
  }
}

suse-su-2016:3270-1

Vulnerability from csaf_suse

Published

2016-12-27 10:28

Modified

2016-12-27 10:28

Summary

Security update for openjpeg2

Notes

Title of the patch

Security update for openjpeg2

Description of the patch

Patchnames

SUSE-SLE-DESKTOP-12-SP2-2016-1914,SUSE-SLE-RPI-12-SP2-2016-1914,SUSE-SLE-SERVER-12-SP2-2016-1914

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openjpeg2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for openjpeg2 fixes the following issues:\n\n* CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n* CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] \n* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] \n* CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n* CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] \n* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format  could lead to code execution [bsc#1002414] \n* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] \n \n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP2-2016-1914,SUSE-SLE-RPI-12-SP2-2016-1914,SUSE-SLE-SERVER-12-SP2-2016-1914",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_3270-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:3270-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20163270-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:3270-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-December/002525.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1002414",
        "url": "https://bugzilla.suse.com/1002414"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007739",
        "url": "https://bugzilla.suse.com/1007739"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007740",
        "url": "https://bugzilla.suse.com/1007740"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007741",
        "url": "https://bugzilla.suse.com/1007741"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007742",
        "url": "https://bugzilla.suse.com/1007742"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007743",
        "url": "https://bugzilla.suse.com/1007743"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007744",
        "url": "https://bugzilla.suse.com/1007744"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007747",
        "url": "https://bugzilla.suse.com/1007747"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1014543",
        "url": "https://bugzilla.suse.com/1014543"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1014975",
        "url": "https://bugzilla.suse.com/1014975"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 999817",
        "url": "https://bugzilla.suse.com/999817"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7445 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7445/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8332 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8332/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9112 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9112/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9113 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9113/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9114 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9114/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9115 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9115/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9116 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9116/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9117 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9117/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9118 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9118/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9572 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9573 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9580 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9580/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9581 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9581/"
      }
    ],
    "title": "Security update for openjpeg2",
    "tracking": {
      "current_release_date": "2016-12-27T10:28:49Z",
      "generator": {
        "date": "2016-12-27T10:28:49Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:3270-1",
      "initial_release_date": "2016-12-27T10:28:49Z",
      "revision_history": [
        {
          "date": "2016-12-27T10:28:49Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-3.1.aarch64",
                "product": {
                  "name": "libopenjp2-7-2.1.0-3.1.aarch64",
                  "product_id": "libopenjp2-7-2.1.0-3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-3.1.ppc64le",
                "product": {
                  "name": "libopenjp2-7-2.1.0-3.1.ppc64le",
                  "product_id": "libopenjp2-7-2.1.0-3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-3.1.s390x",
                "product": {
                  "name": "libopenjp2-7-2.1.0-3.1.s390x",
                  "product_id": "libopenjp2-7-2.1.0-3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-3.1.x86_64",
                "product": {
                  "name": "libopenjp2-7-2.1.0-3.1.x86_64",
                  "product_id": "libopenjp2-7-2.1.0-3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-3.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.1.0-3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-3.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x"
        },
        "product_reference": "libopenjp2-7-2.1.0-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.1.0-3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x"
        },
        "product_reference": "libopenjp2-7-2.1.0-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-7445",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7445"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7445",
          "url": "https://www.suse.com/security/cve/CVE-2016-7445"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/1015662"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 999817 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/999817"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-7445"
    },
    {
      "cve": "CVE-2016-8332",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8332"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8332",
          "url": "https://www.suse.com/security/cve/CVE-2016-8332"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1002414 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1002414"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-8332"
    },
    {
      "cve": "CVE-2016-9112",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9112"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9112",
          "url": "https://www.suse.com/security/cve/CVE-2016-9112"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1015662"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1056396 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1056396"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9112"
    },
    {
      "cve": "CVE-2016-9113",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9113"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u003ecomps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9113",
          "url": "https://www.suse.com/security/cve/CVE-2016-9113"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9113"
    },
    {
      "cve": "CVE-2016-9114",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9114"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u003ecomps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9114",
          "url": "https://www.suse.com/security/cve/CVE-2016-9114"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007740 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007740"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9114"
    },
    {
      "cve": "CVE-2016-9115",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9115"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9115",
          "url": "https://www.suse.com/security/cve/CVE-2016-9115"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007741 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9115"
    },
    {
      "cve": "CVE-2016-9116",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9116"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9116",
          "url": "https://www.suse.com/security/cve/CVE-2016-9116"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007742 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007742"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9116"
    },
    {
      "cve": "CVE-2016-9117",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9117"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9117",
          "url": "https://www.suse.com/security/cve/CVE-2016-9117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007743 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9117"
    },
    {
      "cve": "CVE-2016-9118",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9118"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9118",
          "url": "https://www.suse.com/security/cve/CVE-2016-9118"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9118"
    },
    {
      "cve": "CVE-2016-9572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9572",
          "url": "https://www.suse.com/security/cve/CVE-2016-9572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014543 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1014543"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9572"
    },
    {
      "cve": "CVE-2016-9573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9573",
          "url": "https://www.suse.com/security/cve/CVE-2016-9573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014543 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1014543"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9573"
    },
    {
      "cve": "CVE-2016-9580",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9580"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9580",
          "url": "https://www.suse.com/security/cve/CVE-2016-9580"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014975 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1014975"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9580"
    },
    {
      "cve": "CVE-2016-9581",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9581"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9581",
          "url": "https://www.suse.com/security/cve/CVE-2016-9581"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014975 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1014975"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-12-27T10:28:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9581"
    }
  ]
}

fkie_cve-2016-9572

Vulnerability from fkie_nvd

Published

2018-08-01 16:29

Modified

2024-11-21 03:01

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
secalert@redhat.com	http://www.securityfocus.com/bid/109233
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572	Exploit, Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d	Patch, Third Party Advisory
secalert@redhat.com	https://github.com/uclouvain/openjpeg/issues/863	Exploit, Third Party Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/201710-26	Third Party Advisory
secalert@redhat.com	https://www.debian.org/security/2017/dsa-3768	Third Party Advisory
secalert@redhat.com	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/109233
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572	Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/uclouvain/openjpeg/issues/863	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201710-26	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-3768	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Impacted products

	Vendor	Product	Version
	uclouvain	openjpeg	2.1.2
	debian	debian_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CFB3AF6-73C9-4567-9FA4-DE81159128D7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un error de desreferencia de puntero NULL en la forma en la que openjpeg 2.1.2 descifraba ciertas im\u00e1genes de entrada. Debido a un error de l\u00f3gica en el c\u00f3digo responsable de descifrar la imagen de entrada, una aplicaci\u00f3n que emplee openjpeg para procesar datos de im\u00e1genes podr\u00eda cerrarse inesperadamente al procesar una imagen manipulada."
    }
  ],
  "id": "CVE-2016-9572",
  "lastModified": "2024-11-21T03:01:24.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-01T16:29:00.383",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/109233"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/uclouvain/openjpeg/issues/863"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-26"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3768"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/109233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/uclouvain/openjpeg/issues/863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-9572 (GCVE-0-2016-9572)

Vulnerability from cvelistv5

opensuse-su-2017:2567-1

Vulnerability from csaf_opensuse

ghsa-3fxp-m3gr-pfvm

Vulnerability from github

gsd-2016-9572

Vulnerability from gsd

suse-su-2016:3270-1

Vulnerability from csaf_suse

fkie_cve-2016-9572

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature