Bug 1957616 (CVE-2021-3575)

Summary: CVE-2021-3575 openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution
Product: [Other] Security Response
Reporter: Marian Rehak <mrehak>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: hobbes1069, jaromir.capik, manisandro, nforro, oliver, rdieter
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: If docs needed, set a value
Doc Text: A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG.
Last Closed: 2021-11-09 18:24:12 UTC
Bug Depends On: 1957617, 1957618, 1957619, 1969279, 1969280    
Bug Blocks: 1957620, 1966991    

Description Marian Rehak 2021-05-06 07:30:41 UTC
Decompressing a crafted .j2k file may lead to a heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb.



Comment 1 Marian Rehak 2021-05-06 07:31:12 UTC
Created openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1957617]

Created openjpeg2 tracking bugs for this issue:

Affects: epel-7 [bug 1957619]
Affects: fedora-all [bug 1957618]

Comment 5 errata-xmlrpc 2021-11-09 17:56:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4251 https://access.redhat.com/errata/RHSA-2021:4251

Comment 6 Product Security DevOps Team 2021-11-09 18:24:10 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):