Bug 1907521 (CVE-2020-27844)
Summary: | CVE-2020-27844 openjpeg: heap-based buffer overflow in opj_t2_encode_packet function in openjp2/t2.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | hobbes1069, jaromir.capik, manisandro, nforro, oliver, rdieter |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openjpeg 2.4.0 | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was found in openjpeg's src/lib/openjp2/t2.c. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
Last Closed: | 2020-12-16 04:18:17 UTC | Type: | --- |
Bug Depends On: | 1907695, 1907696, 1907697, 1907698 | ||
Bug Blocks: | 1906158, 1907565 |

Description
Guilherme de Almeida Suckevicz
2020-12-14 16:47:43 UTC

Acknowledgments:

Name: zodf0055980 (SQLab NCTU Taiwan)

Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1907698]

Created openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1907697]

Created openjpeg2 tracking bugs for this issue:

Affects: epel-7 [bug 1907695]
Affects: fedora-all [bug 1907696]

Upstream commit: https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296

Mitigation: This flaw can be mitigated by not converting or encoding untrusted input data using openjpeg. For example, just reading a file with openjpeg does not trigger the flaw. Additionally, the fortify protection limits the degree of exploitation that the flaw could be used to achieve.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27844

This only affects unreleased versions of openjpeg2, specifically newer than https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5