OESA-2021-1234

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1234
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1234.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1234
Upstream
Published
2021-06-22T11:02:59Z
Modified
2025-08-12T05:06:10.980144Z
Summary
openjpeg2 security update
Details

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group (JPEG). Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000 Reference Software.

Security Fix(es):

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-27823)

A flaw was found in OpenJPEG’s encoder in the opjdwtcalcexplicitstepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.(CVE-2020-27824)

opjt1clbldecodeprocessor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.(CVE-2020-8112)

AOpenJPEG through 2.3.1 has a heap-based buffer overflow in opjt1clbldecodeprocessor in openjp2/t1.c because of lack of opjj2kupdateimagedimensions validation.(CVE-2020-6851)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / openjpeg2

Package

Name
openjpeg2
Purl
pkg:rpm/openEuler/openjpeg2&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.1-6.oe1

Ecosystem specific 

{
    "src": [
        "openjpeg2-2.3.1-6.oe1.src.rpm"
    ],
    "x86_64": [
        "openjpeg2-devel-2.3.1-6.oe1.x86_64.rpm",
        "openjpeg2-debuginfo-2.3.1-6.oe1.x86_64.rpm",
        "openjpeg2-2.3.1-6.oe1.x86_64.rpm",
        "openjpeg2-debugsource-2.3.1-6.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "openjpeg2-devel-2.3.1-6.oe1.aarch64.rpm",
        "openjpeg2-debugsource-2.3.1-6.oe1.aarch64.rpm",
        "openjpeg2-2.3.1-6.oe1.aarch64.rpm",
        "openjpeg2-debuginfo-2.3.1-6.oe1.aarch64.rpm"
    ],
    "noarch": [
        "openjpeg2-help-2.3.1-6.oe1.noarch.rpm"
    ]
}