ALT-BU-2022-4994-1
Branch p10_e2k update bulletin.
Package libopenjpeg2.0 updated to version 2.5.0-alt1 for branch p10_e2k.
Closed vulnerabilities
BDU:2015-09772
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
BDU:2022-05920
Vulnerability in the -ImgDir command-line parameter of the OpenJPEG image encoding and decoding library that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2013-4289
Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.
Modified: 2024-11-21
CVE-2013-4290
Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.
Modified: 2024-11-21
CVE-2018-16376
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
Modified: 2024-11-21
CVE-2018-20846
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
Modified: 2024-11-21
CVE-2019-6988
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.
Modified: 2024-11-21
CVE-2021-29338
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
- https://github.com/uclouvain/openjpeg/issues/1338
- [debian-lts-announce] 20220410 [SECURITY] [DLA 2975-1] openjpeg2 security update
- FEDORA-2021-c1ac2ee5ee
- FEDORA-2021-e145f477df
- GLSA-202209-04
Modified: 2024-11-21
CVE-2021-3575
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.
- https://bugzilla.redhat.com/show_bug.cgi?id=1957616
- https://github.com/uclouvain/openjpeg/issues/1347
- FEDORA-2021-c1ac2ee5ee
- FEDORA-2021-e145f477df
- https://ubuntu.com/security/CVE-2021-3575
Modified: 2024-11-21
CVE-2022-1122
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
- https://github.com/uclouvain/openjpeg/issues/1368
- [debian-lts-announce] 20220410 [SECURITY] [DLA 2975-1] openjpeg2 security update
- FEDORA-2022-2d112d4480
- FEDORA-2022-975e21444a
- FEDORA-2022-9515529c96
- GLSA-202209-04
Closed bugs
Cycle through minimized windows in most recently used order