9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Debian Security Advisory DSA-4405-1 [email protected]
https://www.debian.org/security/ Luciano Bello
March 10, 2019 https://www.debian.org/security/faq
Package : openjpeg2
CVE ID : CVE-2017-17480 CVE-2018-5785 CVE-2018-6616 CVE-2018-14423
CVE-2018-18088
Debian Bug : 884738 888533 889683 904873 910763
Multiple vulnerabilities have been discovered in openjpeg2, the
open-source JPEG 2000 codec, that could be leveraged to cause a denial
of service or possibly remote code execution.
CVE-2017-17480
Write stack buffer overflow in the jp3d and jpwl codecs can result
in a denial of service or remote code execution via a crafted jp3d
or jpwl file.
CVE-2018-5785
Integer overflow can result in a denial of service via a crafted bmp
file.
CVE-2018-6616
Excessive iteration can result in a denial of service via a crafted
bmp file.
CVE-2018-14423
Division-by-zero vulnerabilities can result in a denial of service via
a crafted j2k file.
CVE-2018-18088
Null pointer dereference can result in a denial of service via a
crafted bmp file.
For the stable distribution (stretch), these problems have been fixed in
version 2.1.2-1.1+deb9u3.
We recommend that you upgrade your openjpeg2 packages.
For the detailed security status of openjpeg2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjpeg2
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 9 | mips | libopenjp2-tools | < 2.1.2-1.1+deb9u3 | libopenjp2-tools_2.1.2-1.1+deb9u3_mips.deb |
Debian | 8 | amd64 | libopenjpip-server | < 2.1.0-2+deb8u5 | libopenjpip-server_2.1.0-2+deb8u5_amd64.deb |
Debian | 9 | armhf | libopenjpip7 | < 2.1.2-1.1+deb9u3 | libopenjpip7_2.1.2-1.1+deb9u3_armhf.deb |
Debian | 9 | armhf | libopenjp2-tools | < 2.1.2-1.1+deb9u3 | libopenjp2-tools_2.1.2-1.1+deb9u3_armhf.deb |
Debian | 9 | mips | libopenjp3d7 | < 2.1.2-1.1+deb9u3 | libopenjp3d7_2.1.2-1.1+deb9u3_mips.deb |
Debian | 8 | amd64 | libopenjpip-dec-server | < 2.1.0-2+deb8u6 | libopenjpip-dec-server_2.1.0-2+deb8u6_amd64.deb |
Debian | 8 | amd64 | libopenjpip7 | < 2.1.0-2+deb8u6 | libopenjpip7_2.1.0-2+deb8u6_amd64.deb |
Debian | 8 | i386 | libopenjp2-7 | < 2.1.0-2+deb8u6 | libopenjp2-7_2.1.0-2+deb8u6_i386.deb |
Debian | 9 | amd64 | libopenjpip-server | < 2.1.2-1.1+deb9u3 | libopenjpip-server_2.1.2-1.1+deb9u3_amd64.deb |
Debian | 9 | s390x | libopenjpip7 | < 2.1.2-1.1+deb9u3 | libopenjpip7_2.1.2-1.1+deb9u3_s390x.deb |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P