Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS: Security Advisory for openjpeg2 (DLA-2975-1)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'openjpeg2' package(s) announced via the DLA-2975-1 advisory.
Insight
Insight
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec. CVE-2020-27842 Null pointer dereference through specially crafted input. The highest impact of this flaw is to application availability. CVE-2020-27843 The flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. CVE-2021-29338 Integer overflow allows remote attackers to crash the application, causing a denial of service. This occurs when the attacker uses the command line option '-ImgDir' on a directory that contains 1048576 files. CVE-2022-1122 Input directory with a large number of files can lead to a segmentation fault and a denial of service due to a call of free() on an uninitialized pointer.
Affected Software
Affected Software
'openjpeg2' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For Debian 9 stretch, these problems have been fixed in version 2.1.2-1.1+deb9u7. We recommend that you upgrade your openjpeg2 packages.