Package "libopenjpip7"
| Name: |
libopenjpip7
|
Description: |
JPEG 2000 Interactive Protocol
|
| Latest version: |
2.3.1-1ubuntu4.20.04.4 |
| Release: |
focal (20.04) |
| Level: |
updates |
| Repository: |
universe |
| Head package: |
openjpeg2 |
| Homepage: |
http://www.openjpeg.org |
Links
Download "libopenjpip7"
Other versions of "libopenjpip7" in Focal
Changelog
|
openjpeg2 (2.3.1-1ubuntu4.20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow.
- debian/patches/CVE-2024-56826.patch: Add comp12w variable and
comparisons in src/bin/common/color.c.
- debian/patches/CVE-2024-56827.patch: Add l_current_tile_part comparison
to check again total number of tile parts in src/bin/openjp2/j2k.c.
- CVE-2024-56826
- CVE-2024-56827
-- Hlib Korzhynskyy <email address hidden> Tue, 21 Jan 2025 12:27:28 -0330
|
| Source diff to previous version |
| CVE-2024-56826 |
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_de |
| CVE-2024-56827 |
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_de |
|
|
openjpeg2 (2.3.1-1ubuntu4.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2021-29338-1.patch:
opj_compress/opj_uncompress: fix integer overflow in num_images
- debian/patches/CVE-2021-29338-2.patch: Avoid overflow in
multiplications in utilities related to big number of files in a
directory
- CVE-2021-29338
* SECURITY UPDATE: heap buffer overflow
- debian/patches/CVE-2021-3575.patch: opj_decompress: fix off-by-one
read heap-buffer-overflow in sycc420_to_rgb() when x0 and y0 are odd
- CVE-2021-3575
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2022-1122.patch: Fix segfault in
src/bin/jp2/opj_decompress.c due to uninitialized pointer
- CVE-2022-1122
-- Bruce Cable <email address hidden> Tue, 22 Oct 2024 16:03:30 +1100
|
| Source diff to previous version |
| CVE-2021-29338 |
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacke |
| CVE-2021-3575 |
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use |
| CVE-2022-1122 |
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fai |
|
|
openjpeg2 (2.3.1-1ubuntu4.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: resource consumption loop
- debian/patches/CVE-2023-39327.patch: when EPH markers are specified,
they are required
- CVE-2023-39327
-- Bruce Cable <email address hidden> Wed, 25 Sep 2024 12:59:17 +1000
|
| Source diff to previous version |
| CVE-2023-39327 |
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on |
|
|
openjpeg2 (2.3.1-1ubuntu4.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free via directory
- debian/patches/CVE-2020-15389.patch: fix double-free on input
directory with mix of valid and invalid images in
src/bin/jp2/opj_decompress.c.
- CVE-2020-15389
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2020-27814-1.patch: grow buffer size in
src/lib/openjp2/tcd.c.
- debian/patches/CVE-2020-27814-2.patch: grow it again
- debian/patches/CVE-2020-27814-3.patch: and some more
- debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!!
- CVE-2020-27814
* SECURITY UPDATE: heap-buffer-overflow write
- debian/patches/CVE-2020-27823.patch: fix wrong computation in
src/bin/jp2/convertpng.c.
- CVE-2020-27823
* SECURITY UPDATE: global-buffer-overflow
- debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on
irreversible conversion when too many decomposition levels are
specified in src/lib/openjp2/dwt.c.
- CVE-2020-27824
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2020-27841.patch: add extra checks to
src/lib/openjp2/pi.c, src/lib/openjp2/pi.h, src/lib/openjp2/t2.c.
- CVE-2020-27841
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2020-27842.patch: add check to
src/lib/openjp2/t2.c.
- CVE-2020-27842
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2020-27843.patch: add check to
src/lib/openjp2/t2.c.
- CVE-2020-27843
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2020-27845.patch: add extra checks to
src/lib/openjp2/pi.c.
- CVE-2020-27845
-- Marc Deslauriers <email address hidden> Wed, 06 Jan 2021 09:44:46 -0500
|
| CVE-2020-15389 |
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory |
| CVE-2020-27823 |
Heap-buffer-overflow write in lib-openjp2 |
| CVE-2020-27824 |
global-buffer-overflow read in lib-openjp2 |
| CVE-2020-27841 |
There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by t |
| CVE-2020-27842 |
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg coul |
| CVE-2020-27843 |
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encodin |
| CVE-2020-27845 |
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conver |
|
About
-
Send Feedback to @ubuntu_updates
