cvelistv5 - cve-2015-8871

CVE-2015-8871 (GCVE-0-2015-8871)

Vulnerability from cvelistv5

Published

2016-09-21 14:00

Modified

2024-08-06 08:29

Severity ?

CWE

Summary

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

suse-su-2017:2144-1

Vulnerability from csaf_suse

Published

2017-08-11 14:58

Modified

2017-08-11 14:58

Summary

Security update for openjpeg2

Notes

Title of the patch

Security update for openjpeg2

Description of the patch

This update for openjpeg2 fixes the following issues: - CVE 2016-7163: Integer Overflow could lead to remote code execution (bsc#997857). - CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service (bsc#979907).

Patchnames

SUSE-SLE-DESKTOP-12-SP2-2017-1325,SUSE-SLE-DESKTOP-12-SP3-2017-1325,SUSE-SLE-RPI-12-SP2-2017-1325,SUSE-SLE-SERVER-12-SP2-2017-1325,SUSE-SLE-SERVER-12-SP3-2017-1325

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openjpeg2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openjpeg2 fixes the following issues:\n\n- CVE 2016-7163: Integer Overflow could lead to remote code execution (bsc#997857).\n\n- CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service (bsc#979907).\n\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP2-2017-1325,SUSE-SLE-DESKTOP-12-SP3-2017-1325,SUSE-SLE-RPI-12-SP2-2017-1325,SUSE-SLE-SERVER-12-SP2-2017-1325,SUSE-SLE-SERVER-12-SP3-2017-1325",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2144-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2144-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172144-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2144-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003133.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 979907",
        "url": "https://bugzilla.suse.com/979907"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 997857",
        "url": "https://bugzilla.suse.com/997857"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8871 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8871/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7163 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7163/"
      }
    ],
    "title": "Security update for openjpeg2",
    "tracking": {
      "current_release_date": "2017-08-11T14:58:50Z",
      "generator": {
        "date": "2017-08-11T14:58:50Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2144-1",
      "initial_release_date": "2017-08-11T14:58:50Z",
      "revision_history": [
        {
          "date": "2017-08-11T14:58:50Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-4.3.2.aarch64",
                "product": {
                  "name": "libopenjp2-7-2.1.0-4.3.2.aarch64",
                  "product_id": "libopenjp2-7-2.1.0-4.3.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-4.3.2.ppc64le",
                "product": {
                  "name": "libopenjp2-7-2.1.0-4.3.2.ppc64le",
                  "product_id": "libopenjp2-7-2.1.0-4.3.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-4.3.2.s390x",
                "product": {
                  "name": "libopenjp2-7-2.1.0-4.3.2.s390x",
                  "product_id": "libopenjp2-7-2.1.0-4.3.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-4.3.2.x86_64",
                "product": {
                  "name": "libopenjp2-7-2.1.0-4.3.2.x86_64",
                  "product_id": "libopenjp2-7-2.1.0-4.3.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP3",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.s390x as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
          "product_id": "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-4.3.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-4.3.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8871",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8871"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
          "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8871",
          "url": "https://www.suse.com/security/cve/CVE-2015-8871"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2015-8871",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2015-8871",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 979907 for CVE-2015-8871",
          "url": "https://bugzilla.suse.com/979907"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-11T14:58:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8871"
    },
    {
      "cve": "CVE-2016-7163",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7163"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
          "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
          "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
          "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7163",
          "url": "https://www.suse.com/security/cve/CVE-2016-7163"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-7163",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-7163",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 997857 for CVE-2016-7163",
          "url": "https://bugzilla.suse.com/997857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenjp2-7-2.1.0-4.3.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenjp2-7-2.1.0-4.3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-11T14:58:50Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2016-7163"
    }
  ]
}

fkie_cve-2015-8871

Vulnerability from fkie_nvd

Published

2016-09-21 14:25

Modified

2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

References

URL	Tags
cve@mitre.org	http://www.debian.org/security/2016/dsa-3665	Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/09/15/4	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2016/05/13/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.securitytracker.com/id/1038623
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1263359	Issue Tracking
cve@mitre.org	https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md	Release Notes, Third Party Advisory
cve@mitre.org	https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f	Issue Tracking, Patch
cve@mitre.org	https://github.com/uclouvain/openjpeg/issues/563	Issue Tracking, Patch
cve@mitre.org	https://security.gentoo.org/glsa/201612-26
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3665	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/09/15/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/05/13/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038623
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1263359	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/uclouvain/openjpeg/issues/563	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201612-26

Impacted products

	Vendor	Product	Version
	debian	debian_linux	8.0
	uclouvain	openjpeg	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6BA5BE-0BB1-43CD-8F99-1252CA514E6D",
              "versionEndIncluding": "2.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en la funci\u00f3n opj_j2k_write_mco en j2k.c en OpenJPEG en versiones anteriores a 2.1.1 permite a atacantes remotos tener impacto no especificado a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2015-8871",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-21T14:25:00.487",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3665"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/09/15/4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/05/13/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1038623"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263359"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/uclouvain/openjpeg/issues/563"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201612-26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/09/15/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/05/13/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038623"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/uclouvain/openjpeg/issues/563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201612-26"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2016-03191

Vulnerability from cnvd

Title

OpenJPEG 'opj_j2k_write_mco'函数内存错误引用漏洞

Description

OpenJPEG是一款基于C语言的开源JPEG 2000编码解码器。 OpenJPEG的j2k.c文件中的‘opj_j2k_write_mco’函数中存在内存错误引用漏洞，允许远程攻击者利用漏洞构建恶意图片，诱使用户解析，使应用程序崩溃。

Severity

高

Patch Name

OpenJPEG 'opj_j2k_write_mco'函数内存错误引用漏洞的补丁

Patch Description

OpenJPEG是一款基于C语言的开源JPEG 2000编码解码器。 OpenJPEG的j2k.c文件中的‘opj_j2k_write_mco’函数中存在内存错误引用漏洞，允许远程攻击者利用漏洞构建恶意图片，诱使用户解析，使应用程序崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f

Reference

http://www.openwall.com/lists/oss-security/2016/05/13/1

Impacted products

Name
OpenJPEG OpenJPEG

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-8871"
    }
  },
  "description": "OpenJPEG\u662f\u4e00\u6b3e\u57fa\u4e8eC\u8bed\u8a00\u7684\u5f00\u6e90JPEG 2000\u7f16\u7801\u89e3\u7801\u5668\u3002\r\n\r\nOpenJPEG\u7684j2k.c\u6587\u4ef6\u4e2d\u7684\u2018opj_j2k_write_mco\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610f\u56fe\u7247\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03191",
  "openTime": "2016-05-17",
  "patchDescription": "OpenJPEG\u662f\u4e00\u6b3e\u57fa\u4e8eC\u8bed\u8a00\u7684\u5f00\u6e90JPEG 2000\u7f16\u7801\u89e3\u7801\u5668\u3002\r\n\r\nOpenJPEG\u7684j2k.c\u6587\u4ef6\u4e2d\u7684\u2018opj_j2k_write_mco\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610f\u56fe\u7247\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OpenJPEG \u0027opj_j2k_write_mco\u0027\u51fd\u6570\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "OpenJPEG OpenJPEG"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2016/05/13/1",
  "serverity": "\u9ad8",
  "submitTime": "2016-05-15",
  "title": "OpenJPEG \u0027opj_j2k_write_mco\u0027\u51fd\u6570\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e"
}

gsd-2015-8871

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

Aliases

CVE-2015-8871

Aliases

CVE-2015-8871

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-8871",
    "description": "Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.",
    "id": "GSD-2015-8871",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-8871.html",
      "https://www.debian.org/security/2016/dsa-3665"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-8871"
      ],
      "details": "Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.",
      "id": "GSD-2015-8871",
      "modified": "2023-12-13T01:20:03.913434Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-8871",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201612-26",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201612-26"
          },
          {
            "name": "https://github.com/uclouvain/openjpeg/issues/563",
            "refsource": "CONFIRM",
            "url": "https://github.com/uclouvain/openjpeg/issues/563"
          },
          {
            "name": "[oss-security] 20160512 Re: CVE Request : Use-after-free in openjpeg",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2016/05/13/1"
          },
          {
            "name": "https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md",
            "refsource": "CONFIRM",
            "url": "https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1263359",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263359"
          },
          {
            "name": "DSA-3665",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2016/dsa-3665"
          },
          {
            "name": "https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f",
            "refsource": "CONFIRM",
            "url": "https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f"
          },
          {
            "name": "1038623",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038623"
          },
          {
            "name": "[oss-security] 20150915 CVE Request : Use-after-free in openjpeg",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2015/09/15/4"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8871"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20150915 CVE Request : Use-after-free in openjpeg",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/15/4"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1263359",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263359"
            },
            {
              "name": "https://github.com/uclouvain/openjpeg/issues/563",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch"
              ],
              "url": "https://github.com/uclouvain/openjpeg/issues/563"
            },
            {
              "name": "DSA-3665",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3665"
            },
            {
              "name": "https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md"
            },
            {
              "name": "https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch"
              ],
              "url": "https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f"
            },
            {
              "name": "[oss-security] 20160512 Re: CVE Request : Use-after-free in openjpeg",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/13/1"
            },
            {
              "name": "GLSA-201612-26",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201612-26"
            },
            {
              "name": "1038623",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038623"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-09-09T19:57Z",
      "publishedDate": "2016-09-21T14:25Z"
    }
  }
}

ghsa-34fc-57pc-g3m4

Vulnerability from github

Published

2022-05-13 01:16

Modified

2022-05-13 01:16

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-8871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-21T14:25:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.",
  "id": "GHSA-34fc-57pc-g3m4",
  "modified": "2022-05-13T01:16:24Z",
  "published": "2022-05-13T01:16:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8871"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uclouvain/openjpeg/issues/563"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263359"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201612-26"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3665"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/09/15/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/05/13/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038623"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2017-AVI-167

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 5 juin 2017

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

opensuse-su-2017:2567-1

Vulnerability from csaf_opensuse

Published

2017-09-25 21:34

Modified

2017-09-25 21:34

Summary

Security update for openjpeg2

Notes

Title of the patch

Security update for openjpeg2

Description of the patch

This update for openjpeg2 fixes the following issues: * CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] * CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] * CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] * CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] * CVE 2016-7163: Integer Overflow could lead to remote code execution [bsc#997857] * CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service [bsc#979907] This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patchnames

openSUSE-2017-1090

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openjpeg2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openjpeg2 fixes the following issues:\n\n* CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n* CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] \n* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] \n* CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n* CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] \n* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format  could lead to code execution [bsc#1002414] \n* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] \n* CVE 2016-7163: Integer Overflow could lead to remote code execution [bsc#997857]\n* CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service [bsc#979907]\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2017-1090",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_2567-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2017:2567-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M/#AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2017:2567-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M/#AL7JYPSOTOZ4UZQTE7T4Y3J7RCMV7M6M"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1002414",
        "url": "https://bugzilla.suse.com/1002414"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007739",
        "url": "https://bugzilla.suse.com/1007739"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007740",
        "url": "https://bugzilla.suse.com/1007740"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007741",
        "url": "https://bugzilla.suse.com/1007741"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007742",
        "url": "https://bugzilla.suse.com/1007742"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007743",
        "url": "https://bugzilla.suse.com/1007743"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007744",
        "url": "https://bugzilla.suse.com/1007744"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007747",
        "url": "https://bugzilla.suse.com/1007747"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1014543",
        "url": "https://bugzilla.suse.com/1014543"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1014975",
        "url": "https://bugzilla.suse.com/1014975"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 979907",
        "url": "https://bugzilla.suse.com/979907"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 997857",
        "url": "https://bugzilla.suse.com/997857"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 999817",
        "url": "https://bugzilla.suse.com/999817"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8871 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8871/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7163 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7163/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7445 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7445/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8332 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8332/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9112 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9112/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9113 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9113/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9114 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9114/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9115 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9115/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9116 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9116/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9117 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9117/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9118 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9118/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9572 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9573 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9580 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9580/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9581 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9581/"
      }
    ],
    "title": "Security update for openjpeg2",
    "tracking": {
      "current_release_date": "2017-09-25T21:34:20Z",
      "generator": {
        "date": "2017-09-25T21:34:20Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2017:2567-1",
      "initial_release_date": "2017-09-25T21:34:20Z",
      "revision_history": [
        {
          "date": "2017-09-25T21:34:20Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-6.1.aarch64",
                "product": {
                  "name": "libopenjp2-7-2.1.0-6.1.aarch64",
                  "product_id": "libopenjp2-7-2.1.0-6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-6.1.aarch64",
                "product": {
                  "name": "openjpeg2-2.1.0-6.1.aarch64",
                  "product_id": "openjpeg2-2.1.0-6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-6.1.aarch64",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-6.1.aarch64",
                  "product_id": "openjpeg2-devel-2.1.0-6.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-6.1.ppc64le",
                "product": {
                  "name": "libopenjp2-7-2.1.0-6.1.ppc64le",
                  "product_id": "libopenjp2-7-2.1.0-6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-6.1.ppc64le",
                "product": {
                  "name": "openjpeg2-2.1.0-6.1.ppc64le",
                  "product_id": "openjpeg2-2.1.0-6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-6.1.ppc64le",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-6.1.ppc64le",
                  "product_id": "openjpeg2-devel-2.1.0-6.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-6.1.s390x",
                "product": {
                  "name": "libopenjp2-7-2.1.0-6.1.s390x",
                  "product_id": "libopenjp2-7-2.1.0-6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-6.1.s390x",
                "product": {
                  "name": "openjpeg2-2.1.0-6.1.s390x",
                  "product_id": "openjpeg2-2.1.0-6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-6.1.s390x",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-6.1.s390x",
                  "product_id": "openjpeg2-devel-2.1.0-6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenjp2-7-2.1.0-6.1.x86_64",
                "product": {
                  "name": "libopenjp2-7-2.1.0-6.1.x86_64",
                  "product_id": "libopenjp2-7-2.1.0-6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-2.1.0-6.1.x86_64",
                "product": {
                  "name": "openjpeg2-2.1.0-6.1.x86_64",
                  "product_id": "openjpeg2-2.1.0-6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-2.1.0-6.1.x86_64",
                "product": {
                  "name": "openjpeg2-devel-2.1.0-6.1.x86_64",
                  "product_id": "openjpeg2-devel-2.1.0-6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 12",
                "product": {
                  "name": "SUSE Package Hub 12",
                  "product_id": "SUSE Package Hub 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Package Hub 12 SP1",
                "product": {
                  "name": "SUSE Package Hub 12 SP1",
                  "product_id": "SUSE Package Hub 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.s390x as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenjp2-7-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64"
        },
        "product_reference": "libopenjp2-7-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64"
        },
        "product_reference": "openjpeg2-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.aarch64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.ppc64le as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.s390x as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-2.1.0-6.1.x86_64 as component of SUSE Package Hub 12 SP1",
          "product_id": "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64"
        },
        "product_reference": "openjpeg2-devel-2.1.0-6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8871",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8871"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8871",
          "url": "https://www.suse.com/security/cve/CVE-2015-8871"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2015-8871",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2015-8871",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 979907 for CVE-2015-8871",
          "url": "https://bugzilla.suse.com/979907"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8871"
    },
    {
      "cve": "CVE-2016-7163",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7163"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7163",
          "url": "https://www.suse.com/security/cve/CVE-2016-7163"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-7163",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-7163",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 997857 for CVE-2016-7163",
          "url": "https://bugzilla.suse.com/997857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2016-7163"
    },
    {
      "cve": "CVE-2016-7445",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7445"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7445",
          "url": "https://www.suse.com/security/cve/CVE-2016-7445"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/1015662"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 999817 for CVE-2016-7445",
          "url": "https://bugzilla.suse.com/999817"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-7445"
    },
    {
      "cve": "CVE-2016-8332",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8332"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8332",
          "url": "https://www.suse.com/security/cve/CVE-2016-8332"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1002414 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1002414"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-8332",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-8332"
    },
    {
      "cve": "CVE-2016-9112",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9112"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9112",
          "url": "https://www.suse.com/security/cve/CVE-2016-9112"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1015662"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1056396 for CVE-2016-9112",
          "url": "https://bugzilla.suse.com/1056396"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9112"
    },
    {
      "cve": "CVE-2016-9113",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9113"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u003ecomps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9113",
          "url": "https://www.suse.com/security/cve/CVE-2016-9113"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9113",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9113"
    },
    {
      "cve": "CVE-2016-9114",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9114"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u003ecomps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9114",
          "url": "https://www.suse.com/security/cve/CVE-2016-9114"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007740 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007740"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9114",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9114"
    },
    {
      "cve": "CVE-2016-9115",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9115"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9115",
          "url": "https://www.suse.com/security/cve/CVE-2016-9115"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007741 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9115",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9115"
    },
    {
      "cve": "CVE-2016-9116",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9116"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9116",
          "url": "https://www.suse.com/security/cve/CVE-2016-9116"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007742 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007742"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9116",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9116"
    },
    {
      "cve": "CVE-2016-9117",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9117"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9117",
          "url": "https://www.suse.com/security/cve/CVE-2016-9117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007743 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9117",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9117"
    },
    {
      "cve": "CVE-2016-9118",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9118"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9118",
          "url": "https://www.suse.com/security/cve/CVE-2016-9118"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007747 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1007747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9118",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9118"
    },
    {
      "cve": "CVE-2016-9572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9572",
          "url": "https://www.suse.com/security/cve/CVE-2016-9572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014543 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1014543"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9572",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9572"
    },
    {
      "cve": "CVE-2016-9573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9573",
          "url": "https://www.suse.com/security/cve/CVE-2016-9573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014543 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1014543"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9573",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9573"
    },
    {
      "cve": "CVE-2016-9580",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9580"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9580",
          "url": "https://www.suse.com/security/cve/CVE-2016-9580"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014975 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1014975"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9580",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9580"
    },
    {
      "cve": "CVE-2016-9581",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9581"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
          "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9581",
          "url": "https://www.suse.com/security/cve/CVE-2016-9581"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007739 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1007739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007744 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1007744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014975 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1014975"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015662 for CVE-2016-9581",
          "url": "https://bugzilla.suse.com/1015662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12 SP1:openjpeg2-devel-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:libopenjp2-7-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-2.1.0-6.1.x86_64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.aarch64",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.ppc64le",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.s390x",
            "SUSE Package Hub 12:openjpeg2-devel-2.1.0-6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-09-25T21:34:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9581"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-8871 (GCVE-0-2015-8871)

Vulnerability from cvelistv5

suse-su-2017:2144-1

Vulnerability from csaf_suse

fkie_cve-2015-8871

Vulnerability from fkie_nvd

cnvd-2016-03191

Vulnerability from cnvd

gsd-2015-8871

Vulnerability from gsd

ghsa-34fc-57pc-g3m4

Vulnerability from github

CERTFR-2017-AVI-167

Vulnerability from certfr_avis

Solution

opensuse-su-2017:2567-1

Vulnerability from csaf_opensuse

Tags

Sightings

Nomenclature