AVG-1339 log

Package openjpeg2
Status Fixed
Severity Medium
Type multiple issues
Affected 2.3.1-2
Fixed 2.4.0-1
Current 2.4.0-1 [extra]
Ticket None
Created Wed Dec 9 11:00:09 2020
Issue Severity Remote Type Description
CVE-2020-27845 Medium No Denial of service
An out-of-bounds read was discovered in lib/openjp2/pi.c:312 in OpenJPEG before version 2.4.0.
CVE-2020-27843 Medium No Denial of service
An out-of-bounds read was found in opj_t2_encode_packet when small precincts and an origin shift are given in OpenJPEG before version 2.4.0.
CVE-2020-27842 Medium No Denial of service
A null pointer dereference issue was found in lib/openjp2/tgt.c when a small precincts size, the option "-TP C" and non (0,0) grid offset are given in...
CVE-2020-27841 Medium No Denial of service
An out-of-bounds read was discovered in lib/openjp2/pi.c:623 in OpenJPEG before version 2.4.0.
CVE-2020-27824 Medium No Denial of service
In OpenJPEG before version 2.4.0, if too many decomposition levels are supplied to the encoder, it could cause a global buffer overflow to out-of-bounds...
CVE-2020-27814 Medium No Arbitrary code execution
A heap-buffer overwrite error was discovered in lib/openjp2/mqc.c in OpenJPEG before version 2.4.0. The vulnerability causes an out-of- bounds write, which...
CVE-2020-15389 Medium No Denial of service
jp2/opj_decompress.c in OpenJPEG before version 2.4.0 has a use-after- free that can be triggered if there is a mix of valid and invalid files in a...
CVE-2020-8112 Medium No Arbitrary code execution
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG before version 2.4.0 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than...
CVE-2020-6851 Medium No Arbitrary code execution
OpenJPEG before version 2.4.0 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of...
CVE-2019-12973 Medium No Denial of service
In OpenJPEG before version 2.4.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this...
Date Advisory Package Type
09 Dec 2020 ASA-202012-21 openjpeg2 multiple issues