1. Ubuntu Security Notices
  2. USN-4782-1

USN-4782-1: OpenJPEG vulnerabilities

Publication date

17 March 2021

Overview

OpenJPEG could be made to crash if it opened a specially crafted file.

Releases

Packages

  • openjpeg2 - JPEG 2000 image compression/decompression library

Details

It was discovered that OpenJPEG incorrectly handled certain image files. A
remote attacker could possibly use this issue to cause a denial of service.
CVE-2016-10506 and CVE-2017-12982 affected only Ubuntu 16.04 ESM.
CVE-2018-16375, CVE-2018-20845 and CVE-2019-12973 affected only
Ubuntu 18.04 ESM.

It was discovered that OpenJPEG incorrectly handled certain image files. A
remote attacker could possibly use this issue to cause a denial of service.
CVE-2016-10506 and CVE-2017-12982 affected only Ubuntu 16.04 ESM.
CVE-2018-16375, CVE-2018-20845 and CVE-2019-12973 affected only
Ubuntu 18.04 ESM.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
18.04 bionic libopenjp2-7 –  2.3.0-2ubuntu0.1~esm1  
16.04 xenial libopenjp2-7 –  2.1.2-1.1+deb9u6ubuntu0.1~esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›