UbuntuUpdates.org

Package "openjpeg2"

Name: openjpeg2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • JPEG 2000 image compression/decompression library
  • development files for OpenJPEG, a JPEG 2000 image library
  • JPEG 2000 image compression/decompression library
Latest version: 2.5.0-2ubuntu0.4
Release: noble (24.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "openjpeg2" in Noble

Repository Area Version
base universe 2.5.0-2build3
base main 2.5.0-2build3
security main 2.5.0-2ubuntu0.4
security universe 2.5.0-2ubuntu0.4
updates universe 2.5.0-2ubuntu0.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.5.0-2ubuntu0.4 2025-09-19 06:07:07 UTC

  openjpeg2 (2.5.0-2ubuntu0.4) noble-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2025-50952.patch: Add a check to avoid null pointer
      dereference in src/lib/openjp2/dwt.c.
    - CVE-2025-50952

 -- Edwin Jiang <email address hidden> Wed, 17 Sep 2025 15:10:22 +0000
Source diff to previous version
CVE-2025-50952 openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.

Version: 2.5.0-2ubuntu0.3 2025-01-22 19:07:06 UTC

  openjpeg2 (2.5.0-2ubuntu0.3) noble-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow.
    - debian/patches/CVE-2024-56826.patch: Add comp12w variable and
      comparisons in src/bin/common/color.c.
    - debian/patches/CVE-2024-56827.patch: Add l_current_tile_part comparison
      to check again total number of tile parts in src/bin/openjp2/j2k.c.
    - CVE-2024-56826
    - CVE-2024-56827

 -- Hlib Korzhynskyy <email address hidden> Tue, 21 Jan 2025 11:57:35 -0330
Source diff to previous version
CVE-2024-56826 A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_de
CVE-2024-56827 A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_de

Version: 2.5.0-2ubuntu0.2 2024-11-05 05:07:03 UTC

  openjpeg2 (2.5.0-2ubuntu0.2) noble-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2021-3575.patch: opj_decompress: fix off-by-one
      read heap-buffer-overflow in sycc420_to_rgb() when x0 and y0 are odd
    - CVE-2021-3575

 -- Bruce Cable <email address hidden> Tue, 22 Oct 2024 14:53:32 +1100
Source diff to previous version
CVE-2021-3575 A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use

Version: 2.5.0-2ubuntu0.1 2024-09-26 10:07:04 UTC

  openjpeg2 (2.5.0-2ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: resource consumption loop
    - debian/patches/CVE-2023-39327.patch: when EPH markers are specified,
      they are required
    - CVE-2023-39327

 -- Bruce Cable <email address hidden> Wed, 25 Sep 2024 12:59:53 +1000
CVE-2023-39327 A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on


About   -   Send Feedback to @ubuntu_updates