Bugzilla – Bug 1111638
VUL-1: CVE-2018-18088: openjpeg2: NULL pointer dereference in the imagetopnm function of jp2/convert.c
Last modified: 2022-09-16 09:21:46 UTC
A flaw was found in OpenJPEG 2.3.0: a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c.
Potential fix (proposed upstream, not yet merged): https://github.com/uclouvain/openjpeg/commit/0e6a5553cfef21b764d289585af2c6934a95456b
Seems like only SLE-15 would be vulnerable to this. The SLE12 version is based on upstream version 2.1.0 and does not contain the vulnerable code.
https://github.com/hlef/openjpeg/commit/cab352e249ed3372dd9355c85e837613fff98fa2 got accepted as upstream fix.
https://github.com/uclouvain/openjpeg/pull/1160 seems also relevant.
This is an autogenerated message for OBS integration:
This bug (1111638) was mentioned in
https://build.opensuse.org/request/show/691318 Factory / openjpeg2