Bugzilla – Bug 1119560
VUL-1: CVE-2018-20098: exiv2: heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header
Last modified: 2022-11-29 17:41:02 UTC
CVE-2018-20098 There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20098 http://www.cvedetails.com/cve/CVE-2018-20098/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20098
This function only exists in SLE15 or newer, and is fixed in 0.27. backported to 0.26.
SUSE-SU-2022:4208-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1050257,1095070,1110282,1119559,1119560,1119562,1142677,1142678,1153577,1186231,1189337 CVE References: CVE-2017-11591,CVE-2018-11531,CVE-2018-17581,CVE-2018-20097,CVE-2018-20098,CVE-2018-20099,CVE-2019-13109,CVE-2019-13110,CVE-2019-17402,CVE-2021-29473,CVE-2021-32815 JIRA References: Sources used: openSUSE Leap 15.4 (src): exiv2-0_26-0.26-150400.9.21.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): exiv2-0_26-0.26-150400.9.21.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:4276-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1050257,1095070,1110282,1119559,1119560,1119562,1142677,1142678,1153577,1186231,1189337 CVE References: CVE-2017-11591,CVE-2018-11531,CVE-2018-17581,CVE-2018-20097,CVE-2018-20098,CVE-2018-20099,CVE-2019-13109,CVE-2019-13110,CVE-2019-17402,CVE-2021-29473,CVE-2021-32815 JIRA References: Sources used: openSUSE Leap 15.3 (src): exiv2-0.26-150000.6.26.1 SUSE Manager Server 4.1 (src): exiv2-0.26-150000.6.26.1 SUSE Manager Retail Branch Server 4.1 (src): exiv2-0.26-150000.6.26.1 SUSE Manager Proxy 4.1 (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise Server for SAP 15 (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise Server 15-LTSS (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): exiv2-0.26-150000.6.26.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): exiv2-0.26-150000.6.26.1 SUSE Enterprise Storage 7 (src): exiv2-0.26-150000.6.26.1 SUSE Enterprise Storage 6 (src): exiv2-0.26-150000.6.26.1 SUSE CaaS Platform 4.0 (src): exiv2-0.26-150000.6.26.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.