USN-5664-1: OpenJPEG vulnerabilities
7 October 2022
OpenJPEG could be made to crash if it opened a specially crafted file.
Releases
Packages
- openjpeg - development files for OpenJPEG, a JPEG 2000 image library - dev
Details
It was discovered that OpenJPEG did not properly handle PNM
headers, resulting in a null pointer dereference. A remote
attacker could possibly use this issue to cause a denial of
service (DoS). (CVE-2016-7445)
It was discovered that OpenJPEG incorrectly handled certain
image files resulting in division by zero. A remote attacker
could possibly use this issue to cause a denial of service
(DoS). (CVE-2016-9112 and CVE-2016-10506)
It was discovered that OpenJPEG incorrectly handled converting
certain image files resulting in a stack buffer overflow. A
remote attacker could possibly use this issue to cause a
denial of service (DoS). (CVE-2017-17479)
It was discovered that OpenJPEG incorrectly handled converting
PNM image files resulting in a null pointer dereference. A
remote attacker could possibly use this issue to cause a denial
of service (DoS). (CVE-2018-18088)
It was discovered that OpenJPEG incorrectly handled converting
DWT images files resulting in a buffer overflow. A remote
attacker could possibly use this issue to cause a denial of
service (DoS). (CVE-2020-27824)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
openjpip-dec-server
-
1:1.5.2-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
-
openjpip-server
-
1:1.5.2-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
-
openjpip-viewer-xerces
-
1:1.5.2-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
-
openjpeg-tools
-
1:1.5.2-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
-
openjpip-viewer
-
1:1.5.2-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
Related notices
- USN-4782-1: libopenjp2-7, libopenjpip-dec-server, libopenjp3d7, libopenjpip-viewer, openjpeg2, libopenjp2-7-dev, libopenjpip-server, libopenjp2-tools, libopenjp3d-tools, libopenjpip7
- USN-4497-1: libopenjp2-7, libopenjpip-dec-server, libopenjp3d7, libopenjpip-viewer, openjpeg2, libopenjp2-7-dev, libopenjpip-server, libopenjp2-tools, libopenjp3d-tools, libopenjpip7
- USN-4109-1: libopenjp2-7, libopenjpip-dec-server, libopenjp3d7, libopenjpip-viewer, openjpeg2, libopenjp2-7-dev, libopenjpip-server, libopenjp2-tools, libopenjp3d-tools, libopenjpip7
- USN-4685-1: libopenjp2-7, libopenjpip-dec-server, libopenjp3d7, libopenjpip-viewer, openjpeg2, libopenjp2-7-dev, libopenjpip-server, libopenjp2-tools, libopenjp3d-tools, libopenjpip7
- USN-4686-1: ghostscript-doc, libgs-dev, ghostscript-x, libgs9, libgs9-common, ghostscript
- USN-4880-1: libopenjp2-7, libopenjpip-dec-server, libopenjp3d7, libopenjpip-viewer, openjpeg2, libopenjp2-7-dev, libopenjpip-server, libopenjp2-tools, libopenjp3d-tools, libopenjpip7
- USN-5952-1: libopenjp2-7, libopenjpip-dec-server, libopenjp3d7, libopenjpip-viewer, openjpeg2, libopenjp2-7-dev, libopenjpip-server, libopenjp2-tools, libopenjp3d-tools, libopenjpip7