An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | openjpeg2 | < 2.3.1-1 | openjpeg2_2.3.1-1_all.deb |
Debian | 11 | all | openjpeg2 | < 2.3.1-1 | openjpeg2_2.3.1-1_all.deb |
Debian | 10 | all | openjpeg2 | <= 2.3.0-2+deb10u2 | openjpeg2_2.3.0-2+deb10u2_all.deb |
Debian | 999 | all | openjpeg2 | < 2.3.1-1 | openjpeg2_2.3.1-1_all.deb |
Debian | 13 | all | openjpeg2 | < 2.3.1-1 | openjpeg2_2.3.1-1_all.deb |