Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images

Bug #1404084 reported by Benjamin Gilbert
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| openjpeg (Debian) | Fix Released | Unknown | | |
| openjpeg (Ubuntu) | Won't Fix | Medium | Unassigned | |

Bug Description

The patch for CVE-2013-6045, as shipped in Ubuntu 10.04, 12.04, and 14.04, disables decoding of images whose first color component has a higher resolution than subsequent components. This occurs, for example, in YCbCr images with chroma subsampling. This regression does not affect newer Ubuntu releases which ship OpenJPEG 1.5.2 or above.

The original Debian bug report is <https://bugs.debian.org/734238>. Debian released an updated DSA on April 22 to correct the regression (https://lists.debian.org/debian-security-announce/2014/msg00090.html), but the fix has not propagated to Ubuntu.
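
One way to find which files in a collection fall into the affected class, as an added example that is not part of the bug report or of OpenJPEG: read the per-component subsampling factors (XRsiz, YRsiz) from the JPEG 2000 SIZ marker segment and flag images whose first component is sampled more finely than a later one. The function names and the sample headers built by `make_siz` are constructed for illustration, and the code does not reproduce the check made by the CVE-2013-6045 patch.

```python
import struct

SOC_SIZ = b"\xff\x4f\xff\x51"        # SOC marker immediately followed by SIZ marker
SIZ_FIXED = struct.Struct(">HH8IH")  # Lsiz, Rsiz, eight 32-bit size fields, Csiz


def component_subsampling(data: bytes):
    """Return [(XRsiz, YRsiz), ...] for each component declared in the SIZ segment."""
    start = data.find(SOC_SIZ)  # heuristic search, so a JP2 box wrapper is skipped too
    if start < 0:
        raise ValueError("no JPEG 2000 codestream header found")
    seg = start + len(SOC_SIZ)
    if len(data) < seg + SIZ_FIXED.size:
        raise ValueError("truncated SIZ segment")
    lsiz, _rsiz, *_sizes, csiz = SIZ_FIXED.unpack_from(data, seg)
    if csiz == 0 or lsiz != 38 + 3 * csiz:  # Lsiz is fixed by the component count
        raise ValueError("inconsistent Lsiz/Csiz")
    if len(data) < seg + lsiz:
        raise ValueError("truncated component table")
    comps = []
    for i in range(csiz):
        _ssiz, xr, yr = struct.unpack_from(">BBB", data, seg + SIZ_FIXED.size + 3 * i)
        if xr == 0 or yr == 0:
            raise ValueError("zero subsampling factor")
        comps.append((xr, yr))
    return comps


def first_component_is_finest(comps):
    """True when a later component is coarser than component 0 (e.g. YCbCr 4:2:0)."""
    x0, y0 = comps[0]
    return any(xr > x0 or yr > y0 for xr, yr in comps[1:])


def make_siz(subsampling, width=64, height=64):
    """Constructed SOC+SIZ header for testing; not a decodable image."""
    body = struct.pack(">H8IH", 0, width, height, 0, 0, width, height, 0, 0,
                       len(subsampling))
    body += b"".join(struct.pack(">BBB", 7, xr, yr) for xr, yr in subsampling)
    return SOC_SIZ + struct.pack(">H", len(body) + 2) + body


if __name__ == "__main__":
    for name, layout in [("4:4:4", [(1, 1)] * 3), ("4:2:0", [(1, 1), (2, 2), (2, 2)])]:
        comps = component_subsampling(make_siz(layout))
        print(name, comps, "affected class:", first_component_is_finest(comps))
```

Files flagged by `first_component_is_finest` are the ones to use as regression tests after updating the package.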

Mathew Hodson (mhodson)
tags: added: regression-update trusty
tags: added: precise
Changed in openjpeg (Ubuntu):
importance: Undecided → Medium
Changed in openjpeg (Debian):
status: Unknown → Fix Released
Mathew Hodson (mhodson)
information type: Public → Public Security
Changed in openjpeg (Ubuntu):
status: New → Won't Fix