View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2022-1122 severity moderate: SUSE including 31 source package names (0.3.2-1.2:libopenjp2-7-2.3.0-150000.3.5.1, 0.3.32-3.4:libopenjp2-7-2.3.0-150000.3.5.1, …), 233 product×package rows across 71 product lines (Container containers/lmcache-vllm-openai, Container containers/open-webui, … (71 product lines)): Fixed 132, Known Not Affected 101.
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.