Information on source package openjpeg2

Available versions

ReleaseVersion
stretch2.1.2-1.1+deb9u4
stretch (security)2.1.2-1.1+deb9u6
buster2.3.0-2+deb10u1
bullseye2.4.0-3
sid2.4.0-3

Open issues

BugstretchbusterbullseyesidDescription
CVE-2020-8112fixedvulnerable (no DSA)fixedfixedopj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...
CVE-2020-6851fixedvulnerable (no DSA)fixedfixedOpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...
CVE-2020-27845fixedvulnerable (no DSA)fixedfixedThere's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior t ...
CVE-2020-27844fixedvulnerablefixedfixedA flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior ...
CVE-2020-27843vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableA flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw all ...
CVE-2020-27842vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An ...
CVE-2020-27841fixedvulnerable (no DSA)fixedfixedThere's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openj ...
CVE-2020-27824fixedvulnerable (no DSA)fixedfixedglobal-buffer-overflow read in lib-openjp2
CVE-2020-27823fixedvulnerablefixedfixedHeap-buffer-overflow write in lib-openjp2
CVE-2020-27814fixedvulnerablefixedfixedA heap-buffer overflow was found in the way openjpeg2 handled certain ...
CVE-2020-15389fixedvulnerable (no DSA)fixedfixedjp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...
CVE-2019-6988vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableAn issue was discovered in OpenJPEG 2.3.0. It allows remote attackers ...
CVE-2019-12973fixedvulnerable (no DSA)fixedfixedIn OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...

Open unimportant issues

BugstretchbusterbullseyesidDescription
CVE-2018-7648vulnerablevulnerablefixedfixedAn issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. Th ...
CVE-2018-5727vulnerablevulnerablefixedfixedIn OpenJPEG 2.3.0, there is an integer overflow vulnerability in the o ...
CVE-2018-20846vulnerablevulnerablevulnerablevulnerableOut-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi ...
CVE-2018-20845vulnerablevulnerablefixedfixedDivision-by-zero vulnerabilities in the functions pi_next_pcrl, pi_nex ...
CVE-2018-16376vulnerablevulnerablevulnerablevulnerableAn issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflo ...
CVE-2018-16375vulnerablevulnerablevulnerablevulnerableAn issue was discovered in OpenJPEG 2.3.0. Missing checks for header_i ...
CVE-2017-17479vulnerablevulnerablevulnerablevulnerableIn OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...
CVE-2017-12982vulnerablefixedfixedfixedThe bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG ...
CVE-2016-9581vulnerablevulnerablevulnerablevulnerableAn infinite loop vulnerability in tiftoimage that results in heap buff ...
CVE-2016-9580vulnerablevulnerablevulnerablevulnerableAn integer overflow vulnerability was found in tiftoimage function in ...
CVE-2016-9117vulnerablevulnerablevulnerablevulnerableNULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in O ...
CVE-2016-9116vulnerablevulnerablevulnerablevulnerableNULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in O ...
CVE-2016-9115vulnerablevulnerablevulnerablevulnerableHeap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ...
CVE-2016-9114vulnerablevulnerablevulnerablevulnerableThere is a NULL Pointer Access in function imagetopnm of convert.c:194 ...
CVE-2016-9113vulnerablevulnerablevulnerablevulnerableThere is a NULL pointer dereference in function imagetobmp of convertb ...
CVE-2016-10506vulnerablevulnerablevulnerablevulnerableDivision-by-zero vulnerabilities in the functions opj_pi_next_cprl, op ...
CVE-2016-10505vulnerablevulnerablevulnerablevulnerableNULL pointer dereference vulnerabilities in the imagetopnm function in ...

Resolved issues

BugDescription
CVE-2018-6616In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_c ...
CVE-2018-5785In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bo ...
CVE-2018-21010OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_pr ...
CVE-2018-20847An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the functi ...
CVE-2018-18088OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imageto ...
CVE-2018-14423Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_nex ...
CVE-2017-17480In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...
CVE-2017-14164A size-validation issue was discovered in opj_j2k_write_sot in lib/ope ...
CVE-2017-14152A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...
CVE-2017-14151An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_ ...
CVE-2017-14041A stack-based buffer overflow was discovered in the pgxtoimage functio ...
CVE-2017-14040An invalid write access was discovered in bin/jp2/convert.c in OpenJPE ...
CVE-2017-14039A heap-based buffer overflow was discovered in the opj_t2_encode_packe ...
CVE-2016-9573An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in th ...
CVE-2016-9572A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 de ...
CVE-2016-9118Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of conve ...
CVE-2016-9112Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cp ...
CVE-2016-8332A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution wh ...
CVE-2016-7445convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a ...
CVE-2016-7163Integer overflow in the opj_pi_create_decode function in pi.c in OpenJ ...
CVE-2016-5159Multiple integer overflows in OpenJPEG, as used in PDFium in Google Ch ...
CVE-2016-5158Multiple integer overflows in the opj_tcd_init_tile function in tcd.c ...
CVE-2016-5157Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt ...
CVE-2016-5152Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd. ...
CVE-2016-5139Multiple integer overflows in the opj_tcd_init_tile function in tcd.c ...
CVE-2016-4797Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd. ...
CVE-2016-4796Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c ...
CVE-2016-3183The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 ...
CVE-2016-3182The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG befo ...
CVE-2016-1924The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attacke ...
CVE-2016-1923Heap-based buffer overflow in the opj_j2k_update_image_data function i ...
CVE-2016-1628pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564. ...
CVE-2016-1626The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in ...
CVE-2016-10507Integer overflow vulnerability in the bmp24toimage function in convert ...
CVE-2016-10504Heap-based buffer overflow vulnerability in the opj_mqc_byteout functi ...
CVE-2015-8871Use-after-free vulnerability in the opj_j2k_write_mco function in j2k. ...
CVE-2015-6581Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_t ...
CVE-2015-1239Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG ...
CVE-2014-7947OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0. ...

Security announcements

DSA / DLADescription
DLA-2550-1openjpeg2 - security update
DLA-2277-1openjpeg2 - security update
DLA-2089-1openjpeg2 - security update
DLA-2081-1openjpeg2 - security update
DLA-1950-1openjpeg2 - security update
DLA-1851-1openjpeg2 - security update
DSA-4405-1openjpeg2 - security update
DLA-1614-1openjpeg2 - security update
DLA-1579-1openjpeg2 - security update
DLA-1433-1openjpeg2 - security update
DSA-4013-1openjpeg2 - security update
DSA-3768-1openjpeg2 - security update
DSA-3665-1openjpeg2 - security update

Search for package or bug name: Reporting problems