Bugzilla – Bug 1180042
VUL-1: CVE-2020-27841: openjpeg,openjpeg2,ghostscript: buffer over-read in lib/openjp2/pi.c
Last modified: 2022-10-27 19:30:31 UTC
CVE-2020-27841

A flaw was found in OpenJPEG. Specially crafted files can lead to multiple heap-based buffer overflows in lib/openjp2/pi.c.

References:
https://github.com/uclouvain/openjpeg/issues/1293
https://bugzilla.redhat.com/show_bug.cgi?id=1907510
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27841
I did a git bisect and the earliest vulnerable commit is:

commit 84f3bebbff515f2b00ccf0c817930ebb10b91760 (refs/bisect/bad)
Author: Even Rouault <even.rouault@spatialys.com>
Date:   Wed Feb 12 15:55:16 2020 +0100

    Implement writing of IMF profiles

    Add -IMF switch to opj_compress as well

----------------------------------------------------------------------

None of the PoCs triggers a buffer over-read without -IMF.

SUSE:SLE-12:Update       ghostscript   Affected [2]
SUSE:SLE-12-SP2:Update   openjpeg2     Not affected [1]
SUSE:SLE-15:Update       ghostscript   Affected [2]
SUSE:SLE-15:Update       openjpeg      Not affected [1]
SUSE:SLE-15:Update       openjpeg2     Affected [2]

[1] Not reproducible. No IMF support.
[2] Not reproducible. No IMF support. Upstream patch applies.

Please double-check.
Hi, any update on this?
We decided to WONTFIX the embedded openjpeg2 in ghostscript, since backporting the patches or compiling it with the system openjpeg2 could likely cause regressions.

@Hans, we are still missing submissions for:
- SUSE:SLE-15:Update/openjpeg2
SUSE-SU-2022:3802-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1140205,1149789,1179594,1179821,1180042,1180043,1180044,1180046
CVE References: CVE-2018-20846,CVE-2018-21010,CVE-2020-27814,CVE-2020-27824,CVE-2020-27841,CVE-2020-27842,CVE-2020-27843,CVE-2020-27845
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): openjpeg2-2.3.0-150000.3.8.1
openSUSE Leap 15.3 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Manager Server 4.1 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Manager Retail Branch Server 4.1 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Manager Proxy 4.1 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server for SAP 15 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server 15-SP2-BCL (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Server 15-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Enterprise Storage 7 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE Enterprise Storage 6 (src): openjpeg2-2.3.0-150000.3.8.1
SUSE CaaS Platform 4.0 (src): openjpeg2-2.3.0-150000.3.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.