1800535 – (CVE-2020-8112) CVE-2020-8112 openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c

Bug 1800535 (CVE-2020-8112) - CVE-2020-8112 openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c

Summary: CVE-2020-8112 openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_proce...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-8112
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1800536 1800537 1800538 1800540 1800542 1801030 1801031 1801032 1801033 1801034
Blocks:	1800539
TreeView+	depends on / blocked

Reported:	2020-02-07 11:35 UTC by Marian Rehak
Modified:	2023-09-07 21:46 UTC (History)
CC List:	18 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A heap-based buffer overflow flaw was found in the opj_t1_clbl_decode_processor in openjpeg2. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed:	2020-02-19 14:09:41 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:0649	None	None	None	2020-03-02 08:34:34 UTC
Red Hat Product Errata	RHSA-2020:0550	None	None	None	2020-02-19 12:45:57 UTC
Red Hat Product Errata	RHSA-2020:0569	None	None	None	2020-02-24 09:31:43 UTC
Red Hat Product Errata	RHSA-2020:0570	None	None	None	2020-02-24 09:50:59 UTC

Description Marian Rehak 2020-02-07 11:35:19 UTC

A heap-based buffer overflow in the qmfbid==1 case in opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28.

Upstream Issue:

https://github.com/uclouvain/openjpeg/issues/1231

Comment 1 Marian Rehak 2020-02-07 11:36:02 UTC

Created mingw-openjpeg tracking bugs for this issue:

Affects: fedora-31 [bug 1800538]


Created openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1800540]


Created openjpeg2 tracking bugs for this issue:

Affects: epel-all [bug 1800537]
Affects: fedora-all [bug 1800536]
Affects: openstack-rdo [bug 1800542]

Comment 2 Huzaifa S. Sidhpurwala 2020-02-10 04:26:47 UTC

Upstream patch: https://github.com/rouault/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074
Reproducer: http://www.s3.eurecom.fr/~seba/openjpeg_poc2

Comment 6 errata-xmlrpc 2020-02-19 12:45:55 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0550 https://access.redhat.com/errata/RHSA-2020:0550

Comment 7 Product Security DevOps Team 2020-02-19 14:09:41 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-8112

Comment 8 errata-xmlrpc 2020-02-24 09:31:40 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0569 https://access.redhat.com/errata/RHSA-2020:0569

Comment 9 errata-xmlrpc 2020-02-24 09:50:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0570 https://access.redhat.com/errata/RHSA-2020:0570

Note You need to log in before you can comment on or make changes to this bug.