1 |
type: security |
2 |
subject: Updated openjpeg2 packages fix security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2020-27841 |
5 |
- CVE-2020-27842 |
6 |
- CVE-2020-27843 |
7 |
- CVE-2020-27845 |
8 |
src: |
9 |
7: |
10 |
core: |
11 |
- openjpeg2-2.3.1-1.6.mga7 |
12 |
description: | |
13 |
There's a flaw in openjpeg in src/lib/openjp2/pi.c. When an attacker is able to |
14 |
provide crafted input to be processed by the openjpeg encoder, this could cause |
15 |
an out-of-bounds read. The greatest impact from this flaw is to application |
16 |
availability (CVE-2020-27841). |
17 |
|
18 |
There's a flaw in openjpeg's t2 encoder. An attacker who is able to provide |
19 |
crafted input to be processed by openjpeg could cause a null pointer |
20 |
dereference. The highest impact of this flaw is to application availability |
21 |
(CVE-2020-27842). |
22 |
|
23 |
A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially |
24 |
crafted input to the conversion or encoding functionality, causing an |
25 |
out-of-bounds read. The highest threat from this vulnerability is system |
26 |
availability (CVE-2020-27843). |
27 |
|
28 |
There's a flaw in src/lib/openjp2/pi.c of openjpeg. If an attacker is able to |
29 |
provide untrusted input to openjpeg's conversion/encoding functionality, they |
30 |
could cause an out-of-bounds read. The highest impact of this flaw is to |
31 |
application availability (CVE-2020-27845). |
32 |
references: |
33 |
- https://bugs.mageia.org/show_bug.cgi?id=27903 |
34 |
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/THY4LKGUS3D4XE5YHKLMTPVLURQ7OV57/ |
35 |
ID: MGASA-2020-0478 |