-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : openjpeg2 Version : 2.1.0-2+deb8u8 CVE ID : CVE-2018-21010 Debian Bug : 939553
A heap buffer overflow vulnerability was discovered in openjpeg2, the open-source JPEG 2000 codec. This vulnerability is caused by insufficient validation of width and height of image components in color_apply_icc_profile (src/bin/common/color.c). Remote attackers might leverage this vulnerability via a crafted JP2 file, leading to denial of service (application crash) or any other undefined behavior. For Debian 8 "Jessie", this problem has been fixed in version 2.1.0-2+deb8u8. We recommend that you upgrade your openjpeg2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl2cmK4ACgkQEeMFjl5E GkJV4gv+ILr9iKuvrc6dyINgKyIhmPjyAFv9Y4+VvTpj8ezQtvgFlcA90mhvcDDa 02ib0BLmo8VFdT0ObIxc8wd4H9qw+9M0M+9nppflKVoCsRLYswQeVohgoMPNXnoV s/9RVis5t/HGrbEGX6mXohdRmA3U8VC4Ja+sXwwYjpQH2+yRX0vB7joIt92yOdtE HLG/IBfXUidywacNr/acv/pXvAT3l2f2xqYk66s+6i56G2FK1V0bEdg4hmaoiWpQ mEYr2UYNB4q+p8gdfUtMa7H155iR+9oa7YXO8cQyGqneMZUn5FmOlHDRyKulFKuB sv5yCjVgsweeqgkV9+H1AjqFtfspZLHF+W7Qt9iASSgitzC44/xVcwCZpXnPRlAP b1xHHi55zFwL+UpE9UpbEs/fOabDBc/NmYkQPpljzS5pnn5DwoY3SDu6o7pmIY79 TC6FYcK4326WISEkrpjUoSW2FbX/8vxB7WvwXoT67ViIoUw6NOoYxx1nn87mIPwg rqLBYrhW =Rgi3 -----END PGP SIGNATURE-----