Bugzilla – Bug 1179594
VUL-0: CVE-2020-27814: ghostscript,openjpeg2: Heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS
Last modified: 2022-10-27 19:30:23 UTC
rh#1901998
A heap-buffer overwrites error was discovered in lib/openjp2/mqc.c in OpenJPEG 2.3.1. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1901998
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27814
https://access.redhat.com/security/cve/CVE-2020-27814
tracking as follows:
ghostscript
- SUSE:SLE-12:Update: affected
- SUSE:SLE-15:Update: affected
openjpeg
- SUSE:SLE-15:Update: not affected
openjpeg2
- SUSE:SLE-12-SP2:Update: not affected, but would like a second opinion
- SUSE:SLE-15:Update: affected
regarding SUSE:SLE-12-SP2:Update/openjpeg2: the code change was introduced with 2.1.1 via e05d290 as far as I can tell. So should be similar to bsc#1056351/CVE-2016-10504. Did not get to verify this yet.
Created attachment 844118
reproducer
opj_compress -i ./99949026-5860c700-2db5-11eb-9219-2a9f500226ee.png -o ./out.j2k -M 3
from https://github.com/uclouvain/openjpeg/issues/1283
patches, could be squashed into one:
https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc
https://github.com/uclouvain/openjpeg/commit/15cf3d95814dc931ca0ecb132f81cb152e051bae
https://github.com/zodf0055980/openjpeg/commit/649298dcf84b2f20cfe458d887c1591db47372a6
(In reply to Robert Frohl from comment #1)
> tracking as follows:
>
> ghostscript
> - SUSE:SLE-12:Update: affected
> - SUSE:SLE-15:Update: affected
>
> openjpeg
> - SUSE:SLE-15:Update: not affected
>
> openjpeg2
> - SUSE:SLE-12-SP2:Update: not affected, but would like a second opinion
> - SUSE:SLE-15:Update: affected
>
>
> regarding SUSE:SLE-12-SP2:Update/openjpeg2:
> the code change was introduced with 2.1.1 via e05d290 as far as I can tell.
> So should be similar to bsc#1056351/CVE-2016-10504. Did not get to verify
> this yet.
should mention that this assessment is based on the patch, reproducer does not work for me.
Hi, any update on this?
pong?
I agree that openjpeg is not affected. Couldn't find any indication that SUSE:SLE-12-SP2:Update/openjpeg2 is affected either. SUSE:SLE-15:Update/openjpeg2 is definitely affected.
We decided to WONTFIX the embedded openjpeg2 in ghostscript, since backporting the patches or compiling it with the system openjpeg2 could likely cause regressions. Nothing else to do, closing.
Missed the missing submission for SUSE:SLE-15:Update/openjpeg2. @Hans, what's the status here?
SUSE-SU-2022:3802-1: An update that fixes 8 vulnerabilities is now available.
Category: security (important)
Bug References: 1140205,1149789,1179594,1179821,1180042,1180043,1180044,1180046
CVE References: CVE-2018-20846,CVE-2018-21010,CVE-2020-27814,CVE-2020-27824,CVE-2020-27841,CVE-2020-27842,CVE-2020-27843,CVE-2020-27845
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): openjpeg2-2.3.0-150000.3.8.1
openSUSE Leap 15.3 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Manager Server 4.1 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Manager Retail Branch Server 4.1 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Manager Proxy 4.1 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server for SAP 15 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server 15-SP2-BCL (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server 15-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Enterprise Storage 7 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Enterprise Storage 6 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE CaaS Platform 4.0 (src): openjpeg2-2.3.0-150000.3.8.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.