CVE-2020-27842: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c

There’s a flaw in openjpeg’s t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.

Description Guilherme de Almeida Suckevicz 2020-12-14 16:38:44 UTC

A flaw was found in OpenJPEG. A specially crafted file can lead to an out-of-bounds read in the opj_tgt_reset function in lib/openjp2/tgt.c.

Reference: https://github.com/uclouvain/openjpeg/issues/1294

Comment 1 Todd Cullum 2020-12-15 01:30:07 UTC

Acknowledgments:

Name: zodf0055980 (SQLab NCTU Taiwan)

Comment 2 Todd Cullum 2020-12-15 01:35:05 UTC

Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1907682]

Created openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1907680]

Created openjpeg2 tracking bugs for this issue:

Affects: epel-7 [bug 1907679]

Affects: fedora-all [bug 1907681]

Comment 3 Todd Cullum 2020-12-15 01:41:47 UTC

Upstream commit: https://github.com/uclouvain/openjpeg/pull/1296/commits/fbd30b064f8f9607d500437b6fedc41431fd6cdc

Comment 6 Product Security DevOps Team 2021-11-09 17:52:58 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-27842

Comment 7 errata-xmlrpc 2021-11-09 17:56:29 UTC

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2021:4251 https://access.redhat.com/errata/RHSA-2021:4251
