USN-5664-1: OpenJPEG vulnerabilities
7 October 2022
OpenJPEG could be made to crash if it opened a specially crafted file.
Releases
Packages
- openjpeg - development files for OpenJPEG, a JPEG 2000 image library - dev
Details
It was discovered that OpenJPEG did not properly handle PNM
headers, resulting in a null pointer dereference. A remote
attacker could possibly use this issue to cause a denial of
service (DoS). (CVE-2016-7445)
It was discovered that OpenJPEG incorrectly handled certain
image files resulting in division by zero. A remote attacker
could possibly use this issue to cause a denial of service
(DoS). (CVE-2016-9112 and CVE-2016-10506)
It was discovered that OpenJPEG incorrectly handled converting
certain image files resulting in a stack buffer overflow. A
remote attacker could possibly use this issue to cause a
denial of service (DoS). (CVE-2017-17479)
It was discovered that OpenJPEG incorrectly handled converting
PNM image files resulting in a null pointer dereference. A
remote attacker could possibly use this issue to cause a denial
of service (DoS). (CVE-2018-18088)
It was discovered that OpenJPEG incorrectly handled converting
DWT images files resulting in a buffer overflow. A remote
attacker could possibly use this issue to cause a denial of
service (DoS). (CVE-2020-27824)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
openjpip-dec-server
-
1:1.5.2-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
-
openjpip-server
-
1:1.5.2-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
-
openjpip-viewer-xerces
-
1:1.5.2-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
-
openjpeg-tools
-
1:1.5.2-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
-
openjpip-viewer
-
1:1.5.2-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.