MGASA-2020-0478

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0478.html

Import Source

https://advisories.mageia.org/MGASA-2020-0478.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0478

Related

Published

2020-12-29T11:57:17Z

Modified

2020-12-29T10:51:00Z

Summary

Updated openjpeg2 packages fix security vulnerabilities

Details

There's a flaw in openjpeg in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability (CVE-2020-27841).

There's a flaw in openjpeg's t2 encoder. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability (CVE-2020-27842).

A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability (CVE-2020-27843).

There's a flaw in src/lib/openjp2/pi.c of openjpeg. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability (CVE-2020-27845).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0478

Affected packages