DescriptionNULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs844555

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openjpeg2 (PTS)jessie (security), jessie2.1.0-2+deb8u3vulnerable
stretch (security), stretch2.1.2-1.1+deb9u2vulnerable
buster, sid2.3.0-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

No code injection, function only exposed in the CLI tool

Search for package or bug name: Reporting problems