An issue was discovered in Poppler 0.76.1. There is a heap-based buffer over-read in the function JPXStream::init in JPEG2000Stream.cc.
Created poppler tracking bugs for this issue:
Affects: fedora-all [bug 1713585]
It is possible to read and write beyond the limits of a buffer in the JPXStream::init() function in JPEG2000Stream.cc file, because the number of pixels in the image may not correspond to the width * height of the image. The patch checks that the number of pixels (priv->npixels) and the width * height values match.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:2713 https://access.redhat.com/errata/RHSA-2019:2713
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):