[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1950-1] openjpeg2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : openjpeg2
Version        : 2.1.0-2+deb8u8
CVE ID         : CVE-2018-21010
Debian Bug     : 939553

A heap buffer overflow vulnerability was discovered in openjpeg2, the
open-source JPEG 2000 codec. This vulnerability is caused by insufficient
validation of width and height of image components in color_apply_icc_profile
(src/bin/common/color.c).  Remote attackers might leverage this vulnerability
via a crafted JP2 file, leading to denial of service (application crash) or any
other undefined behavior.

For Debian 8 "Jessie", this problem has been fixed in version
2.1.0-2+deb8u8.

We recommend that you upgrade your openjpeg2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl2cmK4ACgkQEeMFjl5E
GkJV4gv+ILr9iKuvrc6dyINgKyIhmPjyAFv9Y4+VvTpj8ezQtvgFlcA90mhvcDDa
02ib0BLmo8VFdT0ObIxc8wd4H9qw+9M0M+9nppflKVoCsRLYswQeVohgoMPNXnoV
s/9RVis5t/HGrbEGX6mXohdRmA3U8VC4Ja+sXwwYjpQH2+yRX0vB7joIt92yOdtE
HLG/IBfXUidywacNr/acv/pXvAT3l2f2xqYk66s+6i56G2FK1V0bEdg4hmaoiWpQ
mEYr2UYNB4q+p8gdfUtMa7H155iR+9oa7YXO8cQyGqneMZUn5FmOlHDRyKulFKuB
sv5yCjVgsweeqgkV9+H1AjqFtfspZLHF+W7Qt9iASSgitzC44/xVcwCZpXnPRlAP
b1xHHi55zFwL+UpE9UpbEs/fOabDBc/NmYkQPpljzS5pnn5DwoY3SDu6o7pmIY79
TC6FYcK4326WISEkrpjUoSW2FbX/8vxB7WvwXoT67ViIoUw6NOoYxx1nn87mIPwg
rqLBYrhW
=Rgi3
-----END PGP SIGNATURE-----


Reply to: