A flaw was found in OpenJPEG. A specially crafted input file can lead to a heap-based buffer overflow in the opj_t2_encode_packet function in openjp2/t2.c. Reference: https://github.com/uclouvain/openjpeg/issues/1299
Acknowledgments: Name: zodf0055980 (SQLab NCTU Taiwan)
Created mingw-openjpeg2 tracking bugs for this issue: Affects: fedora-all [bug 1907698]
Created openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1907697]
Created openjpeg2 tracking bugs for this issue: Affects: epel-7 [bug 1907695] Affects: fedora-all [bug 1907696]
Upstream commit: https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296
Mitigation: This flaw can be mitigated by not converting or encoding untrusted input data using openjpeg. For example, just reading a file with openjpeg does not trigger the flaw. Additionally, the fortify protection limits the degree of exploitation that the flaw could be used to achieve.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27844
This only affects unreleased versions of openjpeg2, specifically newer than https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5