CVE-2023-39329

NameCVE-2023-39329
DescriptionA flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1081910

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openjpeg2 (PTS)bullseye2.4.0-3vulnerable
sid, trixie, bookworm2.5.0-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openjpeg2source(unstable)(unfixed)1081910

Notes

[bookworm] - openjpeg2 <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openjpeg2 <no-dsa> (Minor issue)
https://github.com/uclouvain/openjpeg/issues/1474

Search for package or bug name: Reporting problems