1907510 – (CVE-2020-27841) CVE-2020-27841 openjpeg: heap-based buffer overflows in lib/openjp2/pi.c

Bug 1907510 (CVE-2020-27841) - CVE-2020-27841 openjpeg: heap-based buffer overflows in lib/openjp2/pi.c

Summary: CVE-2020-27841 openjpeg: heap-based buffer overflows in lib/openjp2/pi.c

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2020-27841
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1907672 1907673 1907674 1907675
Blocks:	1906158 1907565
TreeView+	depends on / blocked

Reported:	2020-12-14 16:31 UTC by Guilherme de Almeida Suckevicz
Modified:	2021-02-22 18:33 UTC (History)
CC List:	6 users (show)
Fixed In Version:	openjpeg 2.4.0
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in OpenJPEG in src/lib/openjp2/pi.c. This flaw allows an attacker who can provide crafted input to be processed by the OpenJPEG encoder to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:	2020-12-16 04:18:14 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-12-14 16:31:40 UTC

A flaw was found in OpenJPEG. Specially crafted files can lead to multiple heap-based buffer overflows in lib/openjp2/pi.c.

Reference:
https://github.com/uclouvain/openjpeg/issues/1293

Comment 1 Todd Cullum 2020-12-15 01:03:52 UTC

Acknowledgments:

Name: zodf0055980 (SQLab NCTU Taiwan)

Comment 2 Todd Cullum 2020-12-15 01:11:28 UTC

Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1907675]


Created openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1907673]


Created openjpeg2 tracking bugs for this issue:

Affects: epel-7 [bug 1907672]
Affects: fedora-all [bug 1907674]

Comment 5 Todd Cullum 2020-12-15 01:44:41 UTC

Upstream commit: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce

Comment 6 Todd Cullum 2020-12-16 00:44:52 UTC

Statement:

This issue does not affect openjpeg2 as shipped with Red Hat Enterprise Linux 8 because the affected functionality was introduced in the current master but is absent from the shipped release.

Comment 8 Product Security DevOps Team 2020-12-16 04:18:14 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-27841

Comment 9 RaTasha Tillery-Smith 2021-02-22 18:33:31 UTC

Mitigation:

This flaw could be mitigated if OpenJPEG is not used for converting or encoding images, or untrusted input is not provided for these functions.

Note You need to log in before you can comment on or make changes to this bug.