Update openjpeg to openjpeg-2.3.1-1ubuntu4 to fix CVE-2019-12973 CVE-2020-6851 CVE-2020-8112 CVE-2018-20847 CVE-2018-21010 CVE-2018-5727 CVE-2017-17480 CVE-2018-14423 CVE-2018-18088 CVE-2018-5785 CVE-2018-6616 critical remote

asked 2020-03-02 11:53:52 +0300

lpr

updated 2020-03-24 10:19:19 +0300

https://launchpad.net/ubuntu/+source/openjpeg2/2.3.1-1ubuntu4

  • SECURITY UPDATE: denial of service via excessive iteration
    • debian/patches/CVE-2019-12973-1.patch: detect invalid file dimensions early in src/bin/jp2/convertbmp.c.
    • debian/patches/CVE-2019-12973-2.patch: avoid potential infinite loop in src/bin/jp2/convertbmp.c.
    • CVE-2019-12973
  • SECURITY UPDATE: heap overflow in opj_t1_clbl_decode_processor
    • debian/patches/CVE-2020-6851.patch: reject images whose coordinates are beyond INT_MAX in src/lib/openjp2/j2k.c.
    • CVE-2020-6851
  • SECURITY UPDATE: another heap overflow in opj_t1_clbl_decode_processor
    • debian/patches/CVE-2020-8112.patch: avoid integer overflow in src/lib/openjp2/tcd.c.
    • CVE-2020-8112