An openjpeg2 security update has been released for Debian GNU/Linux 8 Extended LTS to address a denial of service issue.
ELA-615-1 openjpeg2 security update
Package openjpeg2
ELA-615-1 openjpeg2 security update
Version 2.1.0-2+deb8u14
Related CVEs CVE-2022-1122
A flaw was found in the opj2_decompress program in openjpeg2 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
For Debian 8 jessie, these problems have been fixed in version 2.1.0-2+deb8u14.
We recommend that you upgrade your openjpeg2 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
