In openjpeg v2.3.1 and prior, there's a heap buffer overflow in opj_tcd_dc_level_shift_encode() causing an out-of-bounds WRITE when crafted input is processed by the encoder and -d option is used.
Upstream patch: https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919
Name: zodf0055980 (SQLab NCTU Taiwan)
Red Hat Product Security has rated this flaw with Moderate severity because it affects the encoder functionality specifically when performing an image conversion and not general reading of image files.
This flaw can be mitigated by not using openjpeg to convert untrusted image files.
Created openjpeg tracking bugs for this issue:
Affects: fedora-all [bug 1906221]
Created openjpeg2 tracking bugs for this issue:
Affects: epel-all [bug 1906219]
Affects: fedora-all [bug 1906220]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4251 https://access.redhat.com/errata/RHSA-2021:4251