Debian Security Advisory
DLA-2550-1 openjpeg2 -- LTS security update
- Date Reported: 09 Feb 2021
- Affected Packages: openjpeg2
- Security database references:
  - In Mitre's CVE dictionary: CVE-2020-27814, CVE-2020-27823, CVE-2020-27824, CVE-2020-27841, CVE-2020-27844, CVE-2020-27845.
- More information:
Various overflow errors were identified and fixed.
- A heap buffer overflow was found in the way openjpeg2 handled certain PNG format files.
- Wrong computation of x1,y1 if the -d option is used, resulting in a heap buffer overflow.
- Global buffer overflow on irreversible conversion when too many decomposition levels are specified.
- Crafted input to be processed by the openjpeg encoder could cause an out-of-bounds read.
- Crafted input to be processed by the openjpeg encoder could cause an out-of-bounds write.
- Crafted input can cause an out-of-bounds read.
For Debian 9 stretch, these problems have been fixed in version 2.1.2-1.1+deb9u6.
We recommend that you upgrade your openjpeg2 packages.
For the detailed security status of openjpeg2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjpeg2
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS