Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
almalinuxAlmaLinuxALSA-2021:4251
HistoryNov 09, 2021 - 8:51 a.m.

Moderate: openjpeg2 security update

2021-11-0908:51:11
errata.almalinux.org
16

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.017 Low

EPSS

Percentile

87.7%

JSON

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

The following packages have been upgraded to a later upstream version: openjpeg2 (2.4.0).

Security Fix(es):

  • openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389)

  • openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)

  • openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)

  • openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)

  • openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)

  • openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)

  • openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (CVE-2018-20845)

  • openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)

  • openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)

  • openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)

  • openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)

  • openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)

  • openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (CVE-2020-27845)

  • openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8noarchopenjpeg2-devel-docs< 2.4.0-4.el8openjpeg2-devel-docs-2.4.0-4.el8.noarch.rpm
almalinux8aarch64openjpeg2-devel< 2.4.0-4.el8openjpeg2-devel-2.4.0-4.el8.aarch64.rpm
almalinux8aarch64openjpeg2< 2.4.0-4.el8openjpeg2-2.4.0-4.el8.aarch64.rpm
almalinux8aarch64openjpeg2-tools< 2.4.0-4.el8openjpeg2-tools-2.4.0-4.el8.aarch64.rpm
almalinux8i686openjpeg2-devel< 2.4.0-4.el8openjpeg2-devel-2.4.0-4.el8.i686.rpm
almalinux8i686openjpeg2-tools< 2.4.0-4.el8openjpeg2-tools-2.4.0-4.el8.i686.rpm
almalinux8x86_64openjpeg2< 2.4.0-4.el8openjpeg2-2.4.0-4.el8.x86_64.rpm
almalinux8x86_64openjpeg2-tools< 2.4.0-4.el8openjpeg2-tools-2.4.0-4.el8.x86_64.rpm
almalinux8x86_64openjpeg2-devel< 2.4.0-4.el8openjpeg2-devel-2.4.0-4.el8.x86_64.rpm
almalinux8i686openjpeg2< 2.4.0-4.el8openjpeg2-2.4.0-4.el8.i686.rpm
Rows per page:
1-10 of 131

Related

nessus 48
redhat 1
oraclelinux 1
osv 17
rocky 1
amazon 1
openvas 57
ubuntu 6
fedora 11
cloudfoundry 1
debian 4
archlinux 1
gentoo 1
mageia 3
suse 3
redhatcve 6
prion 7
debiancve 7
veracode 10
cve 6
alpinelinux 3
ubuntucve 4
nessus
nessus
Oracle Linux 8 : openjpeg2 (ELSA-2021-4251)
2021-11-17 00:00:00
Rocky Linux 8 : openjpeg2 (RLSA-2021:4251)
2023-11-07 00:00:00
RHEL 8 : openjpeg2 (RHSA-2021:4251)
2021-11-11 00:00:00
redhat
redhat
(RHSA-2021:4251) Moderate: openjpeg2 security update
2021-11-09 08:51:11
oraclelinux
oraclelinux
openjpeg2 security update
2021-11-16 00:00:00
osv
osv
Moderate: openjpeg2 security update
2021-11-09 08:51:11
Moderate: openjpeg2 security update
2021-11-09 08:51:11
openjpeg2 vulnerabilities
2021-01-07 13:59:57
rocky
rocky
openjpeg2 security update
2021-11-09 08:51:11
amazon
amazon
Medium: openjpeg2
2022-01-18 21:37:00
openvas
openvas
Ubuntu: Security Advisory (USN-4685-1)
2021-01-11 00:00:00
Fedora: Security Advisory for openjpeg2 (FEDORA-2020-d32853a28d)
2021-01-15 00:00:00
Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2021-2198)
2021-07-13 00:00:00
ubuntu
ubuntu
OpenJPEG vulnerabilities
2021-01-07 00:00:00
OpenJPEG vulnerabilities
2023-03-15 00:00:00
OpenJPEG vulnerabilities
2021-03-16 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: mingw-openjpeg2-2.3.1-11.fc32
2021-01-15 01:21:20
[SECURITY] Fedora 32 Update: openjpeg2-2.3.1-10.fc32
2021-01-15 01:21:20
[SECURITY] Fedora 33 Update: openjpeg2-2.3.1-10.fc33
2020-12-22 01:30:14
cloudfoundry
cloudfoundry
USN-5952-1: OpenJPEG vulnerabilities | Cloud Foundry
2023-04-29 00:00:00
debian
debian
[SECURITY] [DSA 4882-1] openjpeg2 security update
2021-04-01 19:50:00
[SECURITY] [DLA 2550-1] openjpeg2 security update
2021-02-08 22:03:55
[SECURITY] [DLA 2975-1] openjpeg2 security update
2022-04-10 12:53:52
archlinux
archlinux
[ASA-202012-21] openjpeg2: multiple issues
2020-12-09 00:00:00
gentoo
gentoo
OpenJPEG: Multiple vulnerabilities
2021-01-26 00:00:00
mageia
mageia
Updated openjpeg2 packages fix security vulnerabilities
2020-12-20 17:43:28
Updated openjpeg2 packages fix security vulnerabilities
2020-12-29 14:57:17
Updated openjpeg2 packages fix a security vulnerability
2021-05-22 01:47:24
suse
suse
Security update for openjpeg2 (important)
2022-10-27 00:00:00
Security update for openjpeg2 (important)
2022-04-19 00:00:00
Security update for openjpeg (important)
2022-04-21 00:00:00
redhatcve
redhatcve
CVE-2018-20847
2020-03-02 13:32:34
CVE-2018-20845
2020-03-02 13:32:28
CVE-2020-27824
2020-12-08 22:48:15
prion
prion
Integer overflow
2019-06-26 18:15:00
Design/Logic Flaw
2019-06-26 18:15:00
Heap overflow
2021-01-26 18:15:00
debiancve
debiancve
CVE-2018-20845
2019-06-26 18:15:00
CVE-2020-27814
2021-01-26 18:15:00
CVE-2020-27824
2021-05-13 14:15:00
veracode
veracode
Open Redirect
2019-06-27 04:29:14
Denial Of Service (DoS)
2021-01-07 19:09:59
Denial Of Service (DoS)
2019-06-27 02:00:56
cve
cve
CVE-2018-20845
2019-06-26 18:15:00
CVE-2020-27824
2021-05-13 14:15:00
CVE-2020-27845
2021-01-05 18:15:00
alpinelinux
alpinelinux
CVE-2020-27824
2021-05-13 14:15:00
CVE-2020-27814
2021-01-26 18:15:00
CVE-2020-27823
2021-05-13 15:15:00
ubuntucve
ubuntucve
CVE-2020-27823
2020-12-09 00:00:00
CVE-2020-27814
2020-11-30 00:00:00
CVE-2021-29338
2021-04-14 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.017 Low

EPSS

Percentile

87.7%

JSON
Related for ALSA-2021:4251
nessus48redhat1oraclelinux1osv17rocky1amazon1openvas57ubuntu6fedora11cloudfoundry1debian4archlinux1gentoo1mageia3suse3redhatcve6prion7debiancve7veracode10cve6alpinelinux3ubuntucve4