Mageia: 2020-0479 Critical Risk: Openjpeg Memory Corruption Vulnerability

mageia

December 29, 2020

There's a flaw in openjpeg in src/lib/openjp2/pi.c

Summary

There's a flaw in openjpeg in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability (CVE-2020-27841).
There's a flaw in openjpeg's t2 encoder. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability (CVE-2020-27842).
A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability (CVE-2020-27843).
There's a flaw in src/lib/openjp2/pi.c of openjpeg. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to applica...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=27903

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/THY4LKGUS3D4XE5YHKLMTPVLURQ7OV57/

- https://www.cve.org/CVERecord?id=CVE-2020-27841

- https://www.cve.org/CVERecord?id=CVE-2020-27842

- https://www.cve.org/CVERecord?id=CVE-2020-27843

- https://www.cve.org/CVERecord?id=CVE-2020-27845

Topics Covered

security advisory high severity buffer overflow software update security fix out-of-bounds read openjpeg mageia application availability

Resolution

SRPMS

- 7/core/openjpeg2-2.3.1-1.6.mga7

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 29 Dec 2020

URL: https://advisories.mageia.org/MGASA-2020-0478.html

Type: security

CVE: CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845

Topics Covered

security advisory high severity buffer overflow software update security fix out-of-bounds read openjpeg mageia application availability

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: 2020-0479 Critical Risk: Openjpeg Memory Corruption Vulnerability

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: 2020-0479 Critical Risk: Openjpeg Memory Corruption Vulnerability

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!