A flaw was found in OpenJPEG. Specially crafted files can lead to multiple heap-based buffer overflows in lib/openjp2/pi.c.
Name: zodf0055980 (SQLab NCTU Taiwan)
Created mingw-openjpeg2 tracking bugs for this issue:
Affects: fedora-all [bug 1907675]
Created openjpeg tracking bugs for this issue:
Affects: fedora-all [bug 1907673]
Created openjpeg2 tracking bugs for this issue:
Affects: epel-7 [bug 1907672]
Affects: fedora-all [bug 1907674]
Upstream commit: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce
This issue does not affect openjpeg2 as shipped with Red Hat Enterprise Linux 8 because the affected functionality was introduced in the current master but is absent from the shipped release.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
This flaw could be mitigated if OpenJPEG is not used for converting or encoding images, or untrusted input is not provided for these functions.