The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of OpenJPEG: NULL pointer dereference via opj_tgt_reset

Synthesis of the vulnerability 

An attacker can force a NULL pointer to be dereferenced via opj_tgt_reset() of OpenJPEG, in order to trigger a denial of service.
Vulnerable software: Fedora, Ubuntu.
Severity of this announce: 1/4.
Creation date: 22/12/2020.
Références of this computer vulnerability: CVE-2020-27842, FEDORA-2020-3e00413763, FEDORA-2020-d32853a28d, USN-4685-1, USN-4686-1, VIGILANCE-VUL-34189.

Description of the vulnerability 

An attacker can force a NULL pointer to be dereferenced via opj_tgt_reset() of OpenJPEG, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability bulletin impacts software or systems such as Fedora, Ubuntu.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is low.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this threat note.

Solutions for this threat 

Fedora 32: new mingw-openjpeg2 packages.
New packages are available:
  Fedora 32: mingw-openjpeg2 2.3.1-11.fc32

Fedora 32: new openjpeg2 packages.
New packages are available:
  Fedora 32: openjpeg2 2.3.1-10.fc32

Fedora 33: new mingw-openjpeg2 packages.
New packages are available:
  Fedora 33: mingw-openjpeg2 2.3.1-11.fc33

Fedora 33: new openjpeg2 packages.
New packages are available:
  Fedora 33: openjpeg2 2.3.1-10.fc33

Ubuntu: new ghostscript packages.
New packages are available:
  Ubuntu 18.04 LTS: ghostscript 9.26~dfsg+0-0ubuntu0.18.04.14
  Ubuntu 16.04 LTS: ghostscript 9.26~dfsg+0-0ubuntu0.16.04.14

Ubuntu: new libopenjp packages.
New packages are available:
  Ubuntu 20.10: libopenjp 2.3.1-1ubuntu4.20.10.1
  Ubuntu 20.04 LTS: libopenjp 2.3.1-1ubuntu4.20.04.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities bulletin. The technology watch team tracks security threats targeting the computer system.