CVE-2020-8112 – openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c
https://notcve.org/view.php?id=CVE-2020-8112
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. La función opj_t1_clbl_decode_processor en el archivo openjp2/t1.c en OpenJPEG versión 2.3.1 hasta el 28-01-2020, presenta un desbordamiento del búfer en la región heap de la memoria en el caso qmfbid==1, un problema diferente de CVE-2020-6851. A heap-based buffer overflow flaw was found in the opj_t1_clbl_decode_processor in openjpeg2. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://access.redhat.com/errata/RHSA-2020:0550 https://access.redhat.com/errata/RHSA-2020:0569 https://access.redhat.com/errata/RHSA-2020:0570 https://access.redhat.com/errata/RHSA-2020:0694 https://github.com/uclouvain/openjpeg/issues/1231 https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-6851 – openjpeg: Heap-based buffer overflow in opj_t1_clbl_decode_processor()
https://notcve.org/view.php?id=CVE-2020-6851
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. OpenJPEG hasta la versión 2.3.1 tiene un desbordamiento de búfer basado en almacenamiento dinámico en opj_t1_clbl_decode_processor en openjp2 / t1.c debido a la falta de validación de opj_j2k_update_image_dimensions. A heap-based buffer overflow flaw was found in openjpeg in the opj_t1_clbl_decode_processor in libopenjp2.so. Affecting versions through 2.3.1, the highest threat from this vulnerability is to file confidentiality and integrity as well as system availability. • https://access.redhat.com/errata/RHSA-2020:0262 https://access.redhat.com/errata/RHSA-2020:0274 https://access.redhat.com/errata/RHSA-2020:0296 https://github.com/uclouvain/openjpeg/issues/1228 https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V https://lists.fedoraproject.org/archives/list/pa • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2018-21010
https://notcve.org/view.php?id=CVE-2018-21010
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. OpenJPEG versiones anteriores a 2.3.1, presenta un desbordamiento del búfer de la pila en la función color_apply_icc_profile en el archivo bin/common/color.c. • https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea https://lists.debian.org/debian-lts-announce/2019/10/msg00009.html https://security.gentoo.org/glsa/202101-29 https://www.oracle.com//security-alerts/cpujul2021.html • CWE-787: Out-of-bounds Write •
CVE-2019-12973 – openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c
https://notcve.org/view.php?id=CVE-2019-12973
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. En OpenJPEG versión 2.3.1, hay una iteración excesiva en la función opj_t1_encode_cblks de openjp2/t1.c. Los atacantes remotos podrían aprovechar esta vulnerabilidad para causar una denegación de servicio a través de un archivo bmp modificado. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html http://www.securityfocus.com/bid/108900 https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3 https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503 https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html https://security.gentoo.org/glsa/202101-29 https://www.oracle.com//security-alerts • CWE-20: Improper Input Validation CWE-834: Excessive Iteration •
CVE-2018-20847 – openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c
https://notcve.org/view.php?id=CVE-2018-20847
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. Un cálculo incorrecto de p_tx0, p_tx1, p_ty0 y p_ty1 en la función opj_get_encoding_parameters en openjp2/pi.c en OpenJPEG a versión 2.3.0 puede dar lugar a un desbordamiento de enteros. • http://www.securityfocus.com/bid/108921 https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949 https://github.com/uclouvain/openjpeg/issues/431 https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845 https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html https://access.redhat.com/security/cve/CVE-2018-20847 https://bugzilla.redhat.com/show_bug.cgi?id=1728509 • CWE-190: Integer Overflow or Wraparound •