Bug 1907510 (CVE-2020-27841) - CVE-2020-27841 openjpeg: heap-based buffer overflows in lib/openjp2/pi.c
Summary: CVE-2020-27841 openjpeg: heap-based buffer overflows in lib/openjp2/pi.c
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2020-27841
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1907672 1907673 1907674 1907675
Blocks: 1906158 1907565
TreeView+ depends on / blocked
 
Reported: 2020-12-14 16:31 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-02-22 18:33 UTC (History)
6 users (show)

Fixed In Version: openjpeg 2.4.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenJPEG in src/lib/openjp2/pi.c. This flaw allows an attacker who can provide crafted input to be processed by the OpenJPEG encoder to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2020-12-16 04:18:14 UTC


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-12-14 16:31:40 UTC
A flaw was found in OpenJPEG. Specially crafted files can lead to multiple heap-based buffer overflows in lib/openjp2/pi.c.

Reference:
https://github.com/uclouvain/openjpeg/issues/1293

Comment 1 Todd Cullum 2020-12-15 01:03:52 UTC
Acknowledgments:

Name: zodf0055980 (SQLab NCTU Taiwan)

Comment 2 Todd Cullum 2020-12-15 01:11:28 UTC
Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1907675]


Created openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1907673]


Created openjpeg2 tracking bugs for this issue:

Affects: epel-7 [bug 1907672]
Affects: fedora-all [bug 1907674]

Comment 6 Todd Cullum 2020-12-16 00:44:52 UTC
Statement:

This issue does not affect openjpeg2 as shipped with Red Hat Enterprise Linux 8 because the affected functionality was introduced in the current master but is absent from the shipped release.

Comment 8 Product Security DevOps Team 2020-12-16 04:18:14 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-27841

Comment 9 RaTasha Tillery-Smith 2021-02-22 18:33:31 UTC
Mitigation:

This flaw could be mitigated if OpenJPEG is not used for converting or encoding images, or untrusted input is not provided for these functions.


Note You need to log in before you can comment on or make changes to this bug.