CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function
allowed remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted bmp file (bsc#1056421).
CVE-2017-14039: A heap-based buffer overflow was discovered in the
opjt2encode_packet function. The vulnerability caused an out-of-bounds write,
which may have lead to remote denial of service or possibly unspecified other
impact (bsc#1056622).
CVE-2017-14164: A size-validation issue was discovered in opjj2kwrite_sot.
The vulnerability caused an out-of-bounds write, which may have lead to remote
DoS or possibly remote code execution (bsc#1057511).
CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert.c,
triggering a crash in the tgatoimage function. The vulnerability may have lead
to remote denial of service or possibly unspecified other impact (bsc#1056621).
CVE-2017-14041: A stack-based buffer overflow was discovered in the
pgxtoimage function. The vulnerability caused an out-of-bounds write, which may
have lead to remote denial of service or possibly remote code execution
(bsc#1056562).
This update was imported from the SUSE:SLE-12-SP2:Update update project.