Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

Upstream commit: https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf
Created openjpeg tracking bugs for this issue:
Affects: fedora-all [bug 1728507]

Created openjpeg2 tracking bugs for this issue:
Affects: epel-all [bug 1728508]
The patch is already part of openjpeg-2.3.1, which is F28+ and epel7.
Upstream patch: https://github.com/uclouvain/openjpeg/commit/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf
This issue has been addressed in the following products:

Red Hat Enterprise Linux 8
Via RHSA-2021:4251 https://access.redhat.com/errata/RHSA-2021:4251