Errata overview
Errata ID 453
Date 2019-03-13
Source package openjpeg2
Fixed in version 2.1.2-1.1+deb9u3
This update addresses the following issues:
* Stack-buffer overflow in the pgxtovolume function (CVE-2017-17480)
* Integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c
* There is excessive iteration in the opj_t1_encode_cblks function of
  openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a
  denial of service via a crafted bmp file. (CVE-2018-6616)
* Division-by-zero vulnerabilities in the functions pi_next_pcrl,
  pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c allow remote attackers
  to cause a denial of service (application crash). (CVE-2018-14423)
* NULL pointer dereference for "red" in the imagetopnm function of
  jp2/convert.c (CVE-2018-18088)
Additional notes
CVE ID CVE-2017-17480
UCS Bug number #48951