USN-4782-1: OpenJPEG vulnerabilities

Published Mar 17, 2021
·
Updated

It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. CVE-2016-10506 and CVE-2017-12982 affected only Ubuntu 16.04 ESM. CVE-2018-16375, CVE-2018-20845 and CVE-2019-12973 affected only Ubuntu 18.04 ESM.

Affected Software

1 affected component
OpenJPEG OpenJPEG

Event History

May 10, 2025
Advisory Published
via Ubuntu·03:44 AM
Data Sourced
via Ubuntu·03:44 AM
DescriptionAffected Software

Child vulnerabilities

Contains the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the vulnerability ID for the OpenJPEG vulnerabilities?

The vulnerability ID for the OpenJPEG vulnerabilities is CVE-2016-10506, CVE-2017-12982, CVE-2018-16375, CVE-2018-20845, and CVE-2019-12973.

2

What is the severity of the OpenJPEG vulnerabilities?

The severity of the OpenJPEG vulnerabilities is not specified in the information provided.

3

Which versions of Ubuntu are affected by the OpenJPEG vulnerabilities?

Only Ubuntu 16.04 ESM and Ubuntu 18.04 ESM are affected by the OpenJPEG vulnerabilities.

4

How can a remote attacker exploit the OpenJPEG vulnerabilities?

A remote attacker could possibly exploit the OpenJPEG vulnerabilities to cause a denial of service.

5

How can I fix the OpenJPEG vulnerabilities?

To fix the OpenJPEG vulnerabilities, update the libopenjp2-7 package to version 2.3.0-2ubuntu0.1~esm1 for Ubuntu 16.04 ESM and to version 2.1.2-1.1+deb9u6ubuntu0.1~esm1 for Ubuntu 18.04 ESM.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203