UbuntuUpdates.org

Package "libopenjpip-server"

Name: libopenjpip-server

Description:

JPIP server for JPEG 2000 files

Latest version: 2.5.0-2ubuntu1.2
Release: oracular (24.10)
Level: security
Repository: universe
Head package: openjpeg2
Homepage: https://www.openjpeg.org

Other versions of "libopenjpip-server" in Oracular

Repository  Area      Version
base        universe  2.5.0-2ubuntu1
updates     universe  2.5.0-2ubuntu1.2

Changelog

Version: 2.5.0-2ubuntu1.2 2025-01-22 17:07:05 UTC

  openjpeg2 (2.5.0-2ubuntu1.2) oracular-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow.
    - debian/patches/CVE-2024-56826.patch: Add comp12w variable and
      comparisons in src/bin/common/color.c.
    - debian/patches/CVE-2024-56827.patch: Add l_current_tile_part comparison
      to check again total number of tile parts in src/bin/openjp2/j2k.c.
    - CVE-2024-56826
    - CVE-2024-56827

 -- Hlib Korzhynskyy <email address hidden> Mon, 20 Jan 2025 17:16:17 -0330

CVE-2024-56826 A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_de
CVE-2024-56827 A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_de

Version: 2.5.0-2ubuntu1.1 2024-11-05 02:07:05 UTC

  openjpeg2 (2.5.0-2ubuntu1.1) oracular-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2021-3575.patch: opj_decompress: fix off-by-one
      read heap-buffer-overflow in sycc420_to_rgb() when x0 and y0 are odd
    - CVE-2021-3575

 -- Bruce Cable <email address hidden> Tue, 22 Oct 2024 14:51:44 +1100

CVE-2021-3575 A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use


