USN-4782-1: OpenJPEG vulnerabilities
17 March 2021
OpenJPEG could be made to crash if it opened a specially crafted file.
Releases
Packages
- openjpeg2 - JPEG 2000 image compression/decompression library
Details
It was discovered that OpenJPEG incorrectly handled certain image files. A
remote attacker could possibly use this issue to cause a denial of service.
CVE-2016-10506 and CVE-2017-12982 affected only Ubuntu 16.04 ESM.
CVE-2018-16375, CVE-2018-20845 and CVE-2019-12973 affected only
Ubuntu 18.04 ESM.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
libopenjp2-7
-
2.3.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
libopenjp2-7
-
2.1.2-1.1+deb9u6ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
Related notices
- USN-4686-1: ghostscript-x, libgs-dev, ghostscript, libgs9-common, libgs9, ghostscript-doc
- USN-4497-1: libopenjp3d7, libopenjp2-7-dev, libopenjp3d-tools, libopenjpip-dec-server, libopenjpip-viewer, libopenjpip7, openjpeg2, libopenjp2-tools, libopenjpip-server, libopenjp2-7
- USN-5664-1: openjpeg, openjpip-server, openjpeg-tools, libopenjpeg5, openjpip-viewer-xerces, libopenjpeg-dev, openjpip-viewer, openjpip-dec-server, libopenjpeg-java