An issue was discovered in Poppler 0.76.1. There is a heap-based buffer over-read in the function JPXStream::init in JPEG2000Stream.cc. Upstream issue: https://gitlab.freedesktop.org/poppler/poppler/issues/768
Created poppler tracking bugs for this issue:

Affects: fedora-all [bug 1713585]
Upstream patch: https://gitlab.freedesktop.org/poppler/poppler/commit/89a5367d49b2556a2635dbb6d48d6a6b182a2c6c
It is possible to read and write beyond the limits of a buffer in the JPXStream::init() function in the JPEG2000Stream.cc file, because the number of pixels in the image may not correspond to the width * height of the image. The patch checks that the number of pixels (priv->npixels) and the width * height values match.
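The check described in the comment above, as an added C++ illustration that is not Poppler's code or the upstream patch. It is a simplified model: the `Component` struct, the function names and the sample data are hypothetical and constructed for this example.

```cpp
// Added illustration: a simplified model, not Poppler's code. All names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// One decoded image component: declared dimensions plus its sample buffer.
struct Component {
    uint32_t w, h;
    std::vector<int> data;
};

// True only if every component's width * height equals the pixel count the
// caller will iterate over, and its buffer really holds that many samples.
bool components_consistent(const std::vector<Component> &comps, size_t npixels) {
    for (const Component &c : comps) {
        // 64-bit product so a large w * h cannot wrap around before comparing.
        const uint64_t n = static_cast<uint64_t>(c.w) * c.h;
        if (n != npixels) return false;        // dimensions disagree with npixels
        if (c.data.size() < n) return false;   // buffer shorter than declared
    }
    return true;
}

// Clamps every sample to 0..255. Validation runs before any buffer access, so
// a mismatched image is rejected instead of being indexed past its end.
bool clamp_samples(std::vector<Component> &comps, size_t npixels) {
    if (!components_consistent(comps, npixels)) return false;
    for (Component &c : comps) {
        for (size_t i = 0; i < npixels; ++i) {
            if (c.data[i] < 0) c.data[i] = 0;
            else if (c.data[i] > 255) c.data[i] = 255;
        }
    }
    return true;
}

int main() {
    // Constructed sample: the second component is smaller than the first.
    std::vector<Component> img = {
        {4, 4, std::vector<int>(16, 300)},
        {2, 2, std::vector<int>(4, 300)},
    };
    std::printf("accepted: %s\n", clamp_samples(img, 16) ? "yes" : "no");
    return 0;
}
```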
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:2713 https://access.redhat.com/errata/RHSA-2019:2713
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-12293
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:1074 https://access.redhat.com/errata/RHSA-2020:1074