user/openjpeg: multiple vulnerabilities
Bugzilla ID | 235 |
Alias(es) | CVE-2020-6851, CVE-2020-8112 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-02-24 23:02:41 -0600 |
Modified | 2020-03-09 21:57:06 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |

Description
CVE-2020-6851: https://nvd.nist.gov/vuln/detail/CVE-2020-6851
OpenJPEG through 2.3.1 has a heap-based buffer overflow in
opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of
opj_j2k_update_image_dimensions validation.

CVE-2020-8112: https://nvd.nist.gov/vuln/detail/CVE-2020-8112
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through
2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a
different issue than CVE-2020-6851.