Debian Openjpeg2 vulnerabilities

CVE-2017-14041 [HIGH] CVE-2017-14041: openjpeg2 - A stack-based buffer overflow was discovered in the pgxtoimage function in bin/j... A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. Scope: local bookworm: resolved (fixed in 2.3.0-1) bullseye: resolved (fixed in 2.3.0-1) forky: resolved (fixed in 2.3.0-1) sid

CVE-2017-14164 [HIGH] CVE-2017-14164: openjpeg2 - A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c... A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix

CVE-2017-17479 [CRITICAL] CVE-2017-17479: openjpeg2 - In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimag... In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. Scope: local bookworm: resolved (fixed in 2.3.0-2) bullseye: resolved (fixed in 2.3.0-2) forky: resolved (fixed in 2.3.0-2) s

CVE-2017-12982 [MEDIUM] CVE-2017-12982: openjpeg2 - The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does... The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. Scope: local bookworm: resolved (fi

CVE-2016-9112 [HIGH] CVE-2016-9112: openjpeg2 - Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl functio... Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. Scope: local bookworm: resolved (fixed in 2.1.2-1.2) bullseye: resolved (fixed in 2.1.2-1.2) forky: resolved (fixed in 2.1.2-1.2) sid: resolved (fixed in 2.1.2-1.2) trixie: resolved (fixed in 2.1.2-1.2)

CVE-2016-7163 [HIGH] CVE-2016-7163: openjpeg2 - Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows... Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Scope: local bookworm: resolved (fixed in 2.1.2-1) bullseye: resolved (fixed in 2.1.2-1) forky: resolved (fixed in 2.1.2-1) sid: resolved (fixed in 2.1.2-1) trixie: resolved

CVE-2016-5159 [HIGH] CVE-2016-5159: openjpeg2 - Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome befor... Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.

CVE-2016-5158 [HIGH] CVE-2016-5158: openjpeg2 - Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPE... Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. Scope: local bookworm: re

CVE-2016-5139 [HIGH] CVE-2016-5139: openjpeg2 - Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPE... Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. Scope: local bookworm: resolved (fixed in 2.1.2-1) bullseye: resolved (fixed

CVE-2016-5152 [HIGH] CVE-2016-5152: openjpeg2 - Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJ... Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. Scope: local bookworm:

CVE-2016-5157 [HIGH] CVE-2016-5157: openjpeg2 - Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in Open... Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data. Scope: local bookworm: resolved (fixed in 2.1.2-1) bullseye: resolved (fix

CVE-2016-8332 [HIGH] CVE-2016-8332: openjpeg2 - A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing... A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. F

CVE-2016-1626 [MEDIUM] CVE-2016-1626: openjpeg2 - The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in ... The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. Scope: local bookworm: resolved (fixed in 2.1.2-1.2) bullseye: resolved (fixed in 2.1.2-1.2) forky:

CVE-2016-10504 [MEDIUM] CVE-2016-10504: openjpeg2 - Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.... Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. Scope: local bookworm: resolved (fixed in 2.2.0-1) bullseye: resolved (fixed in 2.2.0-1) forky: resolved (fixed in 2.2.0-1) sid: resolved (fixed in 2.2.0-1) tri

CVE-2016-4796 [MEDIUM] CVE-2016-4796: openjpeg2 - Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPE... Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. Scope: local bookworm: resolved (fixed in 2.1.1-1) bullseye: resolved (fixed in 2.1.1-1) forky: resolved (fixed in 2.1.1-1) sid: resolved (fixed in 2.1.1-1) trixie: resolved (fixed in 2

CVE-2016-3182 [MEDIUM] CVE-2016-3182: openjpeg2 - The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 a... The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. Scope: local bookworm: resolved (fixed in 2.1.1-1) bullseye: resolved (fixed in 2.1.1-1) forky: resolved (fixed in 2.1.1-1) sid: resolved (fixed in 2.1.1-1) trixie: resolved (fixed in 2.1.1-1

CVE-2016-9118 [MEDIUM] CVE-2016-9118: openjpeg2 - Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 ... Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. Scope: local bookworm: resolved (fixed in 2.1.2-1.2) bullseye: resolved (fixed in 2.1.2-1.2) forky: resolved (fixed in 2.1.2-1.2) sid: resolved (fixed in 2.1.2-1.2) trixie: resolved (fixed in 2.1.2-1.2)

CVE-2016-10507 [MEDIUM] CVE-2016-10507: openjpeg2 - Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in O... Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. Scope: local bookworm: resolved (fixed in 2.1.2-1) bullseye: resolved (fixed in 2.1.2-1) forky: resolved (fixed in 2.1.2-1) sid: resol

CVE-2016-9572 [MEDIUM] CVE-2016-9572: openjpeg2 - A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded cert... A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. Scope: local bookworm: resolved (fixed in 2.1.2-1.1) bullseye: resolved (fixed in 2.1.2-1.1) for

CVE-2016-1924 [MEDIUM] CVE-2016-1924: openjpeg2 - The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to caus... The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. Scope: local bookworm: resolved (fixed in 2.1.1-1) bullseye: resolved (fixed in 2.1.1-1) forky: resolved (fixed in 2.1.1-1) sid: resolved (fixed in 2.1.1-1) trixie: resolved (fixed in 2.1.1-