USN-4782-1: OpenJPEG vulnerabilities
17 March 2021
OpenJPEG could be made to crash if it opened a specially crafted file.
Releases
Packages
- openjpeg2 - JPEG 2000 image compression/decompression library
Details
It was discovered that OpenJPEG incorrectly handled certain image files. A
remote attacker could possibly use this issue to cause a denial of service.
CVE-2016-10506 and CVE-2017-12982 affected only Ubuntu 16.04 ESM.
CVE-2018-16375, CVE-2018-20845 and CVE-2019-12973 affected only
Ubuntu 18.04 ESM.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
libopenjp2-7
-
2.3.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
libopenjp2-7
-
2.1.2-1.1+deb9u6ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
Related notices
- USN-4686-1: ghostscript, ghostscript-x, libgs9-common, libgs9, libgs-dev, ghostscript-doc
- USN-4497-1: libopenjp2-7, libopenjp2-7-dev, libopenjp3d-tools, libopenjpip7, libopenjp3d7, libopenjpip-dec-server, libopenjpip-server, libopenjp2-tools, openjpeg2, libopenjpip-viewer
- USN-5664-1: openjpip-server, openjpeg, libopenjpeg-java, libopenjpeg5, openjpip-dec-server, libopenjpeg-dev, openjpeg-tools, openjpip-viewer, openjpip-viewer-xerces