A heap-based buffer overflow in the qmfbid==1 case in opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28. Upstream Issue: https://github.com/uclouvain/openjpeg/issues/1231
Created mingw-openjpeg tracking bugs for this issue: Affects: fedora-31 [bug 1800538] Created openjpeg tracking bugs for this issue: Affects: fedora-all [bug 1800540] Created openjpeg2 tracking bugs for this issue: Affects: epel-all [bug 1800537] Affects: fedora-all [bug 1800536] Affects: openstack-rdo [bug 1800542]
Upstream patch: https://github.com/rouault/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074 Reproducer: http://www.s3.eurecom.fr/~seba/openjpeg_poc2
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0550 https://access.redhat.com/errata/RHSA-2020:0550
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8112
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0569 https://access.redhat.com/errata/RHSA-2020:0569
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0570 https://access.redhat.com/errata/RHSA-2020:0570