UbuntuUpdates.org

Package "openjpeg2"

Name: openjpeg2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • command-line tools using the JPEG 2000 library
  • command-line tools using the JPEG 2000 - 3D library
  • JP3D (JPEG 2000 / Part 10) image compression/decompression library
  • tool to allow caching of JPEG 2000 files using JPIP protocol
Latest version: 2.4.0-6ubuntu0.2
Release: jammy (22.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "openjpeg2" in Jammy

Repository Area Version
base main 2.4.0-6
base universe 2.4.0-6
security main 2.4.0-6ubuntu0.2
updates main 2.4.0-6ubuntu0.2
updates universe 2.4.0-6ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.4.0-6ubuntu0.2 2024-11-05 16:06:56 UTC

  openjpeg2 (2.4.0-6ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2021-3575.patch: opj_decompress: fix off-by-one
      read heap-buffer-overflow in sycc420_to_rgb() when x0 and y0 are odd
    - CVE-2021-3575
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2021-29338.patch: Avoid overflow in
      multiplications in utilities related to a big number of files in a
      directory
    - CVE-2021-29338
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2022-1122.patch: Fix segfault in
      src/bin/jp2/opj_decompress.c due to uninitialized pointer
    - CVE-2022-1122

 -- Bruce Cable <email address hidden> Tue, 22 Oct 2024 15:06:23 +1100
Source diff to previous version
CVE-2021-3575 A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
CVE-2021-29338 Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacke
CVE-2022-1122 A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fai

Version: 2.4.0-6ubuntu0.1 2024-09-26 09:07:06 UTC

  openjpeg2 (2.4.0-6ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: resource consumption loop
    - debian/patches/CVE-2023-39327.patch: when EPH markers are specified,
      they are required
    - CVE-2023-39327

 -- Bruce Cable <email address hidden> Wed, 25 Sep 2024 13:00:18 +1000
CVE-2023-39327 A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on


About   -   Send Feedback to @ubuntu_updates