
Debian Openjpeg2 vulnerabilities

79 known vulnerabilities affecting debian/openjpeg2.

Total CVEs: 79
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 20, MEDIUM 30, LOW 27

Vulnerabilities

Page 2 of 4
CVE-2020-27844 | LOW | CVSS 7.8 | 2020
[HIGH] openjpeg2: A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Scope: local; bookworm: resolved; bullseye: resol
debian
CVE-2019-12973 | MEDIUM | CVSS 5.5 | fixed in openjpeg2 2.4.0-1 (bookworm) | 2019
[MEDIUM] openjpeg2: In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. Scope: local; bookworm: resolved (fixed in 2.4.0-1); bullseye: resolved (fixed in 2.4.0-1); forky: resolved (fixed in 2.4.
debian
CVE-2019-6988 | LOW | CVSS 6.5 | 2019
[MEDIUM] openjpeg2: An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2018-21010 | HIGH | CVSS 8.8 | fixed in openjpeg2 2.3.1-1 (bookworm) | 2018
[HIGH] openjpeg2: OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. Scope: local; bookworm: resolved (fixed in 2.3.1-1); bullseye: resolved (fixed in 2.3.1-1); forky: resolved (fixed in 2.3.1-1); sid: resolved (fixed in 2.3.1-1); trixie: resolved (fixed in 2.3.1-1)
debian
CVE-2018-6616 | MEDIUM | CVSS 5.5 | fixed in openjpeg2 2.3.0-2 (bookworm) | 2018
[MEDIUM] openjpeg2: In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. Scope: local; bookworm: resolved (fixed in 2.3.0-2); bullseye: resolved (fixed in 2.3.0-2); forky: resolved (fixed in 2.3.0-2); sid: resolved (fixed in 2.3.0-2); trix
debian
CVE-2018-18088 | LOW | CVSS 6.5 | fixed in openjpeg2 2.3.0-2 (bookworm) | 2018
[MEDIUM] openjpeg2: OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c. Scope: local; bookworm: resolved (fixed in 2.3.0-2); bullseye: resolved (fixed in 2.3.0-2); forky: resolved (fixed in 2.3.0-2); sid: resolved (fixed in 2.3.0-2); trixie: resolved (fixed in 2.3.0-2)
debian
CVE-2018-16375 | LOW | CVSS 8.8 | fixed in openjpeg2 2.3.1-1 (bookworm) | 2018
[HIGH] openjpeg2: An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. Scope: local; bookworm: resolved (fixed in 2.3.1-1); bullseye: resolved (fixed in 2.3.1-1); forky: resolved (fixed in 2.3.1-1); sid: resolved (fixed in 2.3.1-1); trixie: resolve
debian
CVE-2018-7648 | LOW | CVSS 9.8 | fixed in openjpeg2 2.3.1-1 (bookworm) | 2018
[CRITICAL] openjpeg2: An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. Scope: local; bookworm: resolved (fixed in 2.3.1-1); bullseye: resolved (fixed in 2.3.1-1); forky: resolved (fixed in 2.3.1-1); sid: resolved (fixed in
debian
CVE-2018-16376 | LOW | CVSS 8.8 | 2018
[HIGH] openjpeg2: An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2018-5727 | LOW | CVSS 6.5 | fixed in openjpeg2 2.3.1-1 (bookworm) | 2018
[MEDIUM] openjpeg2: In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. Scope: local; bookworm: resolved (fixed in 2.3.1-1); bullseye: resolved (fixed in 2.3.1-1); forky: resolved (fixed in 2.3.1-1); sid: resolved (fixed in
debian
CVE-2018-14423 | LOW | CVSS 7.5 | fixed in openjpeg2 2.3.0-2 (bookworm) | 2018
[HIGH] openjpeg2: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). Scope: local; bookworm: resolved (fixed in 2.3.0-2); bullseye: resolved (fixed in 2.3.0-2); forky: resolved (fixed in 2.3.0-2); sid: resolved (fixed in 2.3
debian
CVE-2018-20847 | LOW | CVSS 8.8 | fixed in openjpeg2 2.3.1-1 (bookworm) | 2018
[HIGH] openjpeg2: An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. Scope: local; bookworm: resolved (fixed in 2.3.1-1); bullseye: resolved (fixed in 2.3.1-1); forky: resolved (fixed in 2.3.1-1); sid: resolved (fixed in 2.3.1-1); trixie: resolved (fixed in 2.3.1-
debian
CVE-2018-5785 | LOW | CVSS 6.5 | fixed in openjpeg2 2.3.0-2 (bookworm) | 2018
[MEDIUM] openjpeg2: In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. Scope: local; bookworm: resolved (fixed in 2.3.0-2); bullseye: resolved (fixed in 2.3.0-2); forky: resolved (fixed in 2.3.0-
debian
CVE-2018-20846 | LOW | CVSS 6.5 | fixed in openjpeg2 2.3.1-1 (bookworm) | 2018
[MEDIUM] openjpeg2: Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). Scope: local; bookworm: resolved (fixed in 2.3.1-1); bullseye: resolved (fixed in 2.3.1-1); forky: resolved (fixed in 2.3.1-1
debian
CVE-2018-20845 | LOW | CVSS 6.5 | fixed in openjpeg2 2.3.1-1 (bookworm) | 2018
[MEDIUM] openjpeg2: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). Scope: local; bookworm: resolved (fixed in 2.3.1-1); bullseye: resolved (fixed in 2.3.1-1); forky: resolved (fixed in 2.3.1-1); sid: resolved (fixed in 2.3.1-
debian
CVE-2017-17480 | CRITICAL | CVSS 9.8 | fixed in openjpeg2 2.3.0-2 (bookworm) | 2017
[CRITICAL] openjpeg2: In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. Scope: local; bookworm: resolved (fixed in 2.3.0-2); bullseye: resolved (fixed in 2.3.0-2); forky: resolved (fixed in 2.3.0-2)
debian
CVE-2017-14152 | HIGH | CVSS 8.8 | fixed in openjpeg2 2.3.0-1 (bookworm) | 2017
[HIGH] openjpeg2: A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. Scope:
debian
CVE-2017-14151 | HIGH | CVSS 8.8 | fixed in openjpeg2 2.3.0-1 (bookworm) | 2017
[HIGH] openjpeg2: An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution. Scope:
debian
CVE-2017-14039 | HIGH | CVSS 8.8 | fixed in openjpeg2 2.3.0-1 (bookworm) | 2017
[HIGH] openjpeg2: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. Scope: local; bookworm: resolved (fixed in 2.3.0-1); bullseye: resolved (fixed in 2.3.0-1); forky: resolved (fixed in 2
debian
CVE-2017-14040 | HIGH | CVSS 8.8 | fixed in openjpeg2 2.3.0-1 (bookworm) | 2017
[HIGH] openjpeg2: An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. Scope: local; bookworm: resolved (fixed in 2.3.0-1); bullseye: resolved (fixed in 2.3.0-1); forky: resolved (fixed in 2.3.0-1); sid: resolved (fixed in
debian