1728509 – (CVE-2018-20847) CVE-2018-20847 openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c

Bug 1728509 (CVE-2018-20847) - CVE-2018-20847 openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c

Summary: CVE-2018-20847 openjpeg: integer overflow in function opj_get_encoding_parame...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-20847
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1728510 1728511 1730714 1734337
Blocks:	1728516
TreeView+	depends on / blocked

Reported:	2019-07-10 05:59 UTC by Dhananjay Arunesh
Modified:	2021-11-09 17:56 UTC (History)
CC List:	15 users (show)
Fixed In Version:	openjpeg 2.3.1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-27 10:46:13 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:4251	0	None	None	None	2021-11-09 17:56:03 UTC

Description Dhananjay Arunesh 2019-07-10 05:59:45 UTC

An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.

Reference:
https://github.com/uclouvain/openjpeg/issues/431

Upstream commit:
https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949
https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845

Comment 1 Dhananjay Arunesh 2019-07-10 06:00:01 UTC

Created openjpeg2 tracking bugs for this issue:

Affects: epel-all [bug 1728510]

Comment 2 Dhananjay Arunesh 2019-07-10 06:01:11 UTC

Created openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1728511]

Comment 3 Sandro Mani 2019-07-10 12:16:44 UTC

The patch is already part of openjpeg-2.3.1, which is F28+ and epel7.

Comment 4 Tomas Hoger 2019-07-10 15:16:15 UTC

This bug is not against Fedora and should not have been closed.

Comment 6 Riccardo Schirone 2019-07-17 12:41:15 UTC

Created openjpeg2 tracking bugs for this issue:

Affects: openstack-rdo [bug 1730714]

Comment 8 Riccardo Schirone 2019-07-30 09:31:25 UTC

Statement:

This issue did not affect the versions of openjpeg as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code, due to an older version of the tool being shipped.
This issue did not affect the versions of openjpeg2 as shipped with Red Hat Enterprise Linux 7 as they already contain the patched code.

Comment 14 errata-xmlrpc 2021-11-09 17:56:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4251 https://access.redhat.com/errata/RHSA-2021:4251

Note You need to log in before you can comment on or make changes to this bug.