1.188.0

@cf-buildpacks-eng cf-buildpacks-eng released this 05 Nov 16:49
· 27 commits to main since this release

Notably, this release addresses:

USN-7083-1 OpenJPEG vulnerabilities:

  • CVE-2021-3575:
    A heap-based buffer overflow was found in openjpeg in color.c:379:42 in
    sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could
    use this to execute arbitrary code with the permissions of the application
    compiled against openjpeg.
  • CVE-2021-29338:
    Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the
    application, causing a Denial of Service (DoS). This occurs when the
    attacker uses the command line option "-ImgDir" on a directory that
    contains 1048576 files.
  • CVE-2022-1122:
    A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the
    way it handles an input directory with a large number of files. When it
    fails to allocate a buffer to store the filenames of the input directory,
    it calls free() on an uninitialized pointer, leading to a segmentation
    fault and a denial of service.

```
-ii  libopenjp2-7:amd64     2.4.0-6ubuntu0.1 amd64 JPEG 2000 image compression/decompression library
-ii  libopenjp2-7-dev:amd64 2.4.0-6ubuntu0.1 amd64 development files for OpenJPEG, a JPEG 2000 image library
+ii  libopenjp2-7:amd64     2.4.0-6ubuntu0.2 amd64 JPEG 2000 image compression/decompression library
+ii  libopenjp2-7-dev:amd64 2.4.0-6ubuntu0.2 amd64 development files for OpenJPEG, a JPEG 2000 image library
```