A flaw was found in OpenJPEG v2.4.0 in opj2_decompress in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and DoS.

Reference:
https://github.com/uclouvain/openjpeg/issues/1368

Upstream patch:
https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
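
The failure path described above, sketched as an added example; it is not OpenJPEG's code or the upstream patch. The `dir_list` struct, the `load_unsafe`/`load_safe` functions and the `xmalloc` fault-injection hook are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names throughout; not OpenJPEG's structures or functions. */
typedef struct {
    char  *name_buf;  /* one block holding every filename */
    char **names;     /* per-file pointers into name_buf */
} dir_list;

/* Fault-injection hook (assumption for the demo): fail the Nth call. */
static int fail_at = 0, alloc_calls = 0;
static void *xmalloc(size_t n) {
    return (++alloc_calls == fail_at) ? NULL : malloc(n);
}

#ifdef SHOW_VULNERABLE /* not built by default: its failure path is undefined behaviour */
dir_list *load_unsafe(size_t nfiles, size_t maxlen) {
    dir_list *d = malloc(sizeof *d);      /* members hold indeterminate values */
    if (!d) return NULL;
    d->name_buf = xmalloc(nfiles * maxlen);
    if (!d->name_buf) goto fail;          /* d->names was never assigned */
    d->names = xmalloc(nfiles * sizeof *d->names);
    if (!d->names) goto fail;
    return d;
fail:
    free(d->name_buf);
    free(d->names);                       /* free() on an uninitialized pointer */
    free(d);
    return NULL;
}
#endif

/* Hardened: members start as NULL (free(NULL) is a no-op) and the size
 * products are checked before use. */
dir_list *load_safe(size_t nfiles, size_t maxlen) {
    dir_list *d;
    if (!nfiles || !maxlen || nfiles > SIZE_MAX / maxlen ||
        nfiles > SIZE_MAX / sizeof(char *)) return NULL;
    if (!(d = malloc(sizeof *d))) return NULL;
    d->name_buf = NULL;
    d->names = NULL;
    d->name_buf = xmalloc(nfiles * maxlen);
    if (d->name_buf) d->names = xmalloc(nfiles * sizeof *d->names);
    if (!d->name_buf || !d->names) {
        free(d->name_buf); free(d->names); free(d);
        return NULL;
    }
    for (size_t i = 0; i < nfiles; i++) d->names[i] = d->name_buf + i * maxlen;
    return d;
}
```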
Created mingw-openjpeg2 tracking bugs for this issue:
Affects: fedora-all [bug 2069370]

Created openjpeg2 tracking bugs for this issue:
Affects: fedora-all [bug 2069371]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:7645 https://access.redhat.com/errata/RHSA-2022:7645
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2022:8207 https://access.redhat.com/errata/RHSA-2022:8207
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-1122