Headline
CVE-2020-27842: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c
There’s a flaw in openjpeg’s t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
Description Guilherme de Almeida Suckevicz 2020-12-14 16:38:44 UTC
A flaw was found in OpenJPEG. Specially crafted file can lead to an out-of-bounds read in opj_tgt_reset function in lib/openjp2/tgt.c.
Reference: https://github.com/uclouvain/openjpeg/issues/1294
Comment 1 Todd Cullum 2020-12-15 01:30:07 UTC
Acknowledgments:
Name: zodf0055980 (SQLab NCTU Taiwan)
Comment 2 Todd Cullum 2020-12-15 01:35:05 UTC
Created mingw-openjpeg2 tracking bugs for this issue:
Affects: fedora-all [bug 1907682]
Created openjpeg tracking bugs for this issue:
Affects: fedora-all [bug 1907680]
Created openjpeg2 tracking bugs for this issue:
Affects: epel-7 [bug 1907679] Affects: fedora-all [bug 1907681]
Comment 3 Todd Cullum 2020-12-15 01:41:47 UTC
Upstream commit: https://github.com/uclouvain/openjpeg/pull/1296/commits/fbd30b064f8f9607d500437b6fedc41431fd6cdc
Comment 6 Product Security DevOps Team 2021-11-09 17:52:58 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-27842
Comment 7 errata-xmlrpc 2021-11-09 17:56:29 UTC
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4251 https://access.redhat.com/errata/RHSA-2021:4251