Debian 10260 Published by

An openjpeg2 security update has been released for Debian GNU/Linux 8 Extended LTS to address a denial of service issue.



ELA-615-1 openjpeg2 security update

Package openjpeg2
Version 2.1.0-2+deb8u14
Related CVEs CVE-2022-1122

A flaw was found in the opj2_decompress program in openjpeg2 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.

For Debian 8 jessie, these problems have been fixed in version 2.1.0-2+deb8u14.

We recommend that you upgrade your openjpeg2 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-615-1 openjpeg2 security update