An issue was discovered in OpenJPEG 2.3.0. Missing checks for headerinfo.height and headerinfo.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
{ "binaries": [ { "binary_name": "libopenjp2-7", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjp2-7-dbgsym", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjp2-7-dev", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjp2-tools", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjp2-tools-dbgsym", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjp3d-tools", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjp3d-tools-dbgsym", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjp3d7", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjp3d7-dbgsym", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjpip-dec-server", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjpip-dec-server-dbgsym", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjpip-server", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjpip-server-dbgsym", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjpip-viewer", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjpip7", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" }, { "binary_name": "libopenjpip7-dbgsym", "binary_version": "2.3.0-2+deb10u2ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }