MGASA-2021-0216

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0216.html

Import Source

https://advisories.mageia.org/MGASA-2021-0216.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0216

Related

CVE-2021-29338

Published

2021-05-21T22:47:24Z

Modified

2021-05-21T21:42:19Z

Summary

Updated openjpeg2 packages fix a security vulnerability

Details

There is a flaw in the opj2compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The greatest threat posed by this flaw is to confidentiality, integrity, and availability.

This flaw affects the opj2compress utility but is not in the openjpeg2 library. Therefore, the attack vector is local to the opj2compress utility and would require an attacker to convince a user to open a directory with an extremely large number of files using opj2compress, or a script to be feeding such arbitrary, untrusted files to opj2compress (CVE-2021-29338).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2021-0216

Affected packages