ELA-1380-1 openjpeg2 security update

buffer overflows

2025-04-04
Package: openjpeg2
Version: 2.1.2-1.1+deb8u1 (jessie), 2.1.2-1.1+deb9u8 (stretch)
Related CVEs: CVE-2021-3575, CVE-2024-56826, CVE-2024-56827


Several security vulnerabilities have been discovered in openjpeg2, a JPEG 2000 image library. Processing maliciously crafted image files may trigger heap-based buffer overflows, which may lead to an application crash or other undefined behavior.

To improve the error handling of openjpeg2 in jessie, the version was upgraded to 2.1.2, the same one as in stretch. As a result, the long-standing minor issues CVE-2014-7947, CVE-2016-1923 and CVE-2016-3183 are now also fixed in Debian 8 “jessie”.



For Debian 8 jessie, these problems have been fixed in version 2.1.2-1.1+deb8u1.

For Debian 9 stretch, these problems have been fixed in version 2.1.2-1.1+deb9u8.

We recommend that you upgrade your openjpeg2 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.