Description
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through
2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a
different issue than CVE-2020-6851.
Ubuntu-Description
It was discovered that OpenJPEG did not properly handle certain input. If
OpenJPEG were supplied with specially crafted input, it could be made to crash
or possibly execute arbitrary code.
Package
Upstream: | needs-triage
|
Ubuntu 18.04 LTS: | released
(9.26~dfsg+0-0ubuntu0.18.04.14)
|
Ubuntu 20.04 LTS: | not-affected
(uses system openjpeg2)
|
Ubuntu 21.10: | not-affected
(uses system openjpeg2)
|
Ubuntu 16.04 ESM: | released
(9.26~dfsg+0-0ubuntu0.16.04.14)
|
Ubuntu 22.04 LTS: | not-affected
(uses system openjpeg2)
|
Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
Upstream: | needs-triage
|
Ubuntu 18.04 LTS: | DNE
|
Ubuntu 20.04 LTS: | DNE
|
Ubuntu 21.10: | DNE
|
Ubuntu 22.04 LTS: | DNE
|
Ubuntu 14.04 ESM: | needs-triage
|
Patches:
Updated: 2022-04-25 00:51:03 UTC (commit ecc1009cb19540b950de59270950018900f37f15)