USN-4782-1: OpenJPEG vulnerabilities
17 March 2021
OpenJPEG could be made to crash if it opened a specially crafted file.
- openjpeg2 - JPEG 2000 image compression/decompression library
It was discovered that OpenJPEG incorrectly handled certain image files. A
remote attacker could possibly use this issue to cause a denial of service.
CVE-2016-10506 and CVE-2017-12982 affected only Ubuntu 16.04 ESM.
CVE-2018-16375, CVE-2018-20845 and CVE-2019-12973 affected only
Ubuntu 18.04 ESM.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
- USN-4686-1: ghostscript-doc, libgs-dev, libgs9-common, ghostscript, libgs9, ghostscript-x
- USN-4497-1: libopenjpip-dec-server, libopenjp2-7, libopenjp3d-tools, libopenjpip7, libopenjp2-7-dev, libopenjp3d7, libopenjpip-server, libopenjp2-tools, libopenjpip-viewer, openjpeg2
- USN-5664-1: openjpip-dec-server, openjpip-viewer-xerces, libopenjpeg-java, libopenjpeg-dev, openjpip-viewer, openjpip-server, libopenjpeg5, openjpeg-tools, openjpeg