ubuntu.com
2001:67c:1360:8001::2b  Public Scan

URL: https://ubuntu.com/security/CVE-2021-3575
Submission: On March 15 via api from SE — Scanned from GB

Text Content

CVE-2021-3575

Published: 4 March 2022

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in
sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
this to execute arbitrary code with the permissions of the application compiled
against openjpeg.

Priority

LOW


STATUS

Status by package and release (each package is tracked in Launchpad, Ubuntu, Debian):

blender

 * bionic: Deferred (2022-01-05)
 * focal: Deferred (2022-01-05)
 * groovy: Ignored (reached end-of-life)
 * hirsute: Ignored (reached end-of-life)
 * impish: Deferred (2022-01-05)
 * trusty: Does not exist
 * upstream: Needs triage
 * xenial: Ignored (end of standard support, was deferred [2022-01-05])

ghostscript

 * bionic: Deferred (2022-01-05)
 * focal: Not vulnerable (uses system openjpeg2)
 * groovy: Not vulnerable (uses system openjpeg2)
 * hirsute: Not vulnerable (uses system openjpeg2)
 * impish: Not vulnerable (uses system openjpeg2)
 * trusty: Does not exist
 * upstream: Needs triage
 * xenial: Needs triage

insighttoolkit4

 * bionic: Deferred (2022-01-05)
 * focal: Deferred (2022-01-05)
 * groovy: Ignored (reached end-of-life)
 * hirsute: Ignored (reached end-of-life)
 * impish: Deferred (2022-01-05)
 * trusty: Does not exist
 * upstream: Needs triage
 * xenial: Ignored (end of standard support, was deferred [2022-01-05])

openjpeg

 * bionic: Does not exist
 * focal: Does not exist
 * groovy: Does not exist
 * hirsute: Does not exist
 * impish: Does not exist
 * trusty: Deferred (2022-01-05)
 * upstream: Needs triage
 * xenial: Ignored (end of standard support, was deferred [2022-01-05])

openjpeg2

 * bionic: Deferred (2022-01-05)
 * focal: Deferred (2022-01-05)
 * groovy: Ignored (reached end-of-life)
 * hirsute: Ignored (reached end-of-life)
 * impish: Deferred (2022-01-05)
 * trusty: Does not exist
 * upstream: Needs triage
 * xenial: Ignored (end of standard support, was deferred [2022-01-05])

qtwebengine-opensource-src

 * bionic: Deferred (2022-01-05)
 * focal: Deferred (2022-01-05)
 * groovy: Ignored (reached end-of-life)
 * hirsute: Ignored (reached end-of-life)
 * impish: Deferred (2022-01-05)
 * trusty: Does not exist
 * upstream: Needs triage
 * xenial: Does not exist

texmaker

 * bionic: Deferred (2022-01-05)
 * focal: Deferred (2022-01-05)
 * groovy: Ignored (reached end-of-life)
 * hirsute: Ignored (reached end-of-life)
 * impish: Deferred (2022-01-05)
 * trusty: Does not exist
 * upstream: Needs triage
 * xenial: Ignored (end of standard support, was deferred [2022-01-05])



NOTES

Author: mdeslaur

Note: as of 2022-01-05, the proposed pull has not been committed


REFERENCES

 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3575
 * NVD
 * Launchpad
 * Debian


BUGS

 * https://github.com/uclouvain/openjpeg/issues/1347
 * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989775

