1901998 – (CVE-2020-27814) CVE-2020-27814 openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS

Bug 1901998 (CVE-2020-27814) - CVE-2020-27814 openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS

Summary: CVE-2020-27814 openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could resu...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-27814
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1901999 1902000 1902001 1908965 1908966
Blocks:	1902002
TreeView+	depends on / blocked

Reported:	2020-11-26 15:01 UTC by Michael Kaplan
Modified:	2021-11-09 17:56 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openjpeg 2.4.0
Clone Of:
Environment:
Last Closed:	2021-11-09 17:52:30 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:4251	0	None	None	None	2021-11-09 17:56:17 UTC

Description Michael Kaplan 2020-11-26 15:01:35 UTC

A heap-buffer overwrites error was discovered in lib/openjp2/mqc.c in
OpenJPEG 2.3.1. The vulnerability causes an out-of-bounds write, which may
lead to remote denial of service or possibly remote code execution.

Comment 2 Michael Kaplan 2020-11-26 15:02:02 UTC

Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1902001]


Created openjpeg2 tracking bugs for this issue:

Affects: epel-all [bug 1901999]
Affects: fedora-all [bug 1902000]

Comment 4 Michael Kaplan 2020-11-27 13:36:33 UTC

Acknowledgments:

Name: zodf0055980 (SQLab NCTU Taiwan)

Comment 5 Michael Kaplan 2020-11-27 15:54:00 UTC

External References:

https://github.com/uclouvain/openjpeg/issues/1283

Comment 6 Huzaifa S. Sidhpurwala 2020-12-18 04:19:22 UTC

Upstream patches:

https://github.com/uclouvain/openjpeg/commit/15cf3d95814dc931ca0ecb132f81cb152e051bae
https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc

Comment 8 Product Security DevOps Team 2021-11-09 17:52:28 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-27814

Comment 9 errata-xmlrpc 2021-11-09 17:56:15 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4251 https://access.redhat.com/errata/RHSA-2021:4251

Note You need to log in before you can comment on or make changes to this bug.