UbuntuUpdates.org

Package "openjpeg2"

Name: openjpeg2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • JPEG 2000 image compression/decompression library
  • development files for OpenJPEG, a JPEG 2000 image library
Latest version: 2.3.1-1ubuntu4.20.04.3
Release: focal (20.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "openjpeg2" in Focal

Repository Area Version
base universe 2.3.1-1ubuntu4
base main 2.3.1-1ubuntu4
security universe 2.3.1-1ubuntu4.20.04.3
security main 2.3.1-1ubuntu4.20.04.3
updates universe 2.3.1-1ubuntu4.20.04.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.3.1-1ubuntu4.20.04.3 2024-11-05 05:06:58 UTC

  openjpeg2 (2.3.1-1ubuntu4.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2021-29338-1.patch:
    opj_compress/opj_uncompress: fix integer overflow in num_images
    - debian/patches/CVE-2021-29338-2.patch: Avoid overflow in
      multiplications in utilities related to big number of files in a
      directory
    - CVE-2021-29338
  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2021-3575.patch: opj_decompress: fix off-by-one
      read heap-buffer-overflow in sycc420_to_rgb() when x0 and y0 are odd
    - CVE-2021-3575
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2022-1122.patch: Fix segfault in
      src/bin/jp2/opj_decompress.c due to uninitialized pointer
    - CVE-2022-1122

 -- Bruce Cable <email address hidden> Tue, 22 Oct 2024 16:03:30 +1100
Source diff to previous version
CVE-2021-29338 Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacke
CVE-2021-3575 A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
CVE-2022-1122 A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fai

Version: 2.3.1-1ubuntu4.20.04.2 2024-09-26 10:06:59 UTC

  openjpeg2 (2.3.1-1ubuntu4.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: resource consumption loop
    - debian/patches/CVE-2023-39327.patch: when EPH markers are specified,
      they are required
    - CVE-2023-39327

 -- Bruce Cable <email address hidden> Wed, 25 Sep 2024 12:59:17 +1000
Source diff to previous version
CVE-2023-39327 A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on

Version: 2.3.1-1ubuntu4.20.04.1 2021-01-07 16:07:14 UTC

  openjpeg2 (2.3.1-1ubuntu4.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free via directory
    - debian/patches/CVE-2020-15389.patch: fix double-free on input
      directory with mix of valid and invalid images in
      src/bin/jp2/opj_decompress.c.
    - CVE-2020-15389
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2020-27814-1.patch: grow buffer size in
      src/lib/openjp2/tcd.c.
    - debian/patches/CVE-2020-27814-2.patch: grow it again
    - debian/patches/CVE-2020-27814-3.patch: and some more
    - debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!!
    - CVE-2020-27814
  * SECURITY UPDATE: heap-buffer-overflow write
    - debian/patches/CVE-2020-27823.patch: fix wrong computation in
      src/bin/jp2/convertpng.c.
    - CVE-2020-27823
  * SECURITY UPDATE: global-buffer-overflow
    - debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on
      irreversible conversion when too many decomposition levels are
      specified in src/lib/openjp2/dwt.c.
    - CVE-2020-27824
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27841.patch: add extra checks to
      src/lib/openjp2/pi.c, src/lib/openjp2/pi.h, src/lib/openjp2/t2.c.
    - CVE-2020-27841
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2020-27842.patch: add check to
      src/lib/openjp2/t2.c.
    - CVE-2020-27842
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27843.patch: add check to
      src/lib/openjp2/t2.c.
    - CVE-2020-27843
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27845.patch: add extra checks to
      src/lib/openjp2/pi.c.
    - CVE-2020-27845

 -- Marc Deslauriers <email address hidden> Wed, 06 Jan 2021 09:44:46 -0500
CVE-2020-15389 jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory
CVE-2020-27823 Heap-buffer-overflow write in lib-openjp2
CVE-2020-27824 global-buffer-overflow read in lib-openjp2
CVE-2020-27841 There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by t
CVE-2020-27842 There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg coul
CVE-2020-27843 A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encodin
CVE-2020-27845 There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conver


About   -   Send Feedback to @ubuntu_updates