Your submission was sent successfully! Close

CVE-2022-1122

Published: 29 March 2022

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
blender
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

impish Needs triage

jammy Needs triage

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support)
ghostscript
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not compiled)
focal Not vulnerable
(uses system openjpeg2)
impish Not vulnerable
(uses system openjpeg2)
jammy Not vulnerable
(uses system openjpeg2)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code not compiled)
insighttoolkit4
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

impish Needs triage

jammy Needs triage

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support)
openjpeg
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

trusty Needs triage

upstream Needs triage

xenial Ignored
(end of standard support)
openjpeg2
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

impish Needs triage

jammy Needs triage

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support)
Patches:
upstream: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
Binaries built from this source package are in Universe and so are supported by the community.
qtwebengine-opensource-src
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

impish Needs triage

jammy Needs triage

trusty Does not exist

upstream Needs triage

xenial Does not exist

texmaker
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

impish Needs triage

jammy Needs triage

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support)

Notes

AuthorNote
mdeslaur
this only affects the opj_decompress tool in the liopenjp2-tools
universe package

References