| 1 |
type: security |
| 2 |
subject: Updated openjpeg2 packages fix security vulnerabilities |
| 3 |
CVE: |
| 4 |
- CVE-2020-27841 |
| 5 |
- CVE-2020-27842 |
| 6 |
- CVE-2020-27843 |
| 7 |
- CVE-2020-27845 |
| 8 |
src: |
| 9 |
7: |
| 10 |
core: |
| 11 |
- openjpeg2-2.3.1-1.6.mga7 |
| 12 |
description: | |
| 13 |
There's a flaw in openjpeg in src/lib/openjp2/pi.c. When an attacker is able to |
| 14 |
provide crafted input to be processed by the openjpeg encoder, this could cause |
| 15 |
an out-of-bounds read. The greatest impact from this flaw is to application |
| 16 |
availability (CVE-2020-27841). |
| 17 |
|
| 18 |
There's a flaw in openjpeg's t2 encoder. An attacker who is able to provide |
| 19 |
crafted input to be processed by openjpeg could cause a null pointer |
| 20 |
dereference. The highest impact of this flaw is to application availability |
| 21 |
(CVE-2020-27842). |
| 22 |
|
| 23 |
A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially |
| 24 |
crafted input to the conversion or encoding functionality, causing an |
| 25 |
out-of-bounds read. The highest threat from this vulnerability is system |
| 26 |
availability (CVE-2020-27843). |
| 27 |
|
| 28 |
There's a flaw in src/lib/openjp2/pi.c of openjpeg. If an attacker is able to |
| 29 |
provide untrusted input to openjpeg's conversion/encoding functionality, they |
| 30 |
could cause an out-of-bounds read. The highest impact of this flaw is to |
| 31 |
application availability (CVE-2020-27845). |
| 32 |
references: |
| 33 |
- https://bugs.mageia.org/show_bug.cgi?id=27903 |
| 34 |
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/THY4LKGUS3D4XE5YHKLMTPVLURQ7OV57/ |
| 35 |
ID: MGASA-2020-0478 |
Parent Directory
| 
Revision Log