An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. Reference: https://github.com/uclouvain/openjpeg/issues/431 Upstream commit: https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949 https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845
Created openjpeg2 tracking bugs for this issue: Affects: epel-all [bug 1728510]
Created openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1728511]
The patch is already part of openjpeg-2.3.1, which is F28+ and epel7.
This bug is not against Fedora and should not have been closed.
Created openjpeg2 tracking bugs for this issue: Affects: openstack-rdo [bug 1730714]
Statement: This issue did not affect the versions of openjpeg as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code, due to an older version of the tool being shipped. This issue did not affect the versions of openjpeg2 as shipped with Red Hat Enterprise Linux 7 as they already contain the patched code.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4251 https://access.redhat.com/errata/RHSA-2021:4251