USN-4497-1: OpenJPEG vulnerabilities
It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-9112) It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code. (CVE-2018-20847, CVE-2018-21010, CVE-2020-6851, CVE-2020-8112, CVE-2020-15389) It was discovered that OpenJPEG incorrectly handled certain BMP files. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2019-12973)
Affected Software
Event History
Child vulnerabilities
Contains the following vulnerabilities.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2016-9112.
What is the impact of this vulnerability?
This vulnerability could allow a remote attacker to cause a denial of service.
Which software packages are affected by this vulnerability?
The affected software packages are libopenjp2-7, libopenjp2-tools, libopenjp3d-tools, libopenjp3d7, libopenjpip-dec-server, libopenjpip-server, libopenjpip-viewer, and libopenjpip7.
How can I fix this vulnerability?
To fix this vulnerability, update the affected software packages to version 2.1.2-1.1+deb9u5build0.16.04.1 or later.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at the following references: CVE-2018-20847, CVE-2018-21010, CVE-2019-12973.