Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-3575 (GCVE-0-2021-3575)
Vulnerability from cvelistv5 – Published: 2022-03-04 17:20 – Updated: 2025-11-03 19:25
VLAI?
EPSS
Summary
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:25:50.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2021-c1ac2ee5ee",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/"
},
{
"name": "FEDORA-2021-e145f477df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3575"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenJPEG",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Afeects v2.4.0 and prior."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-23T18:15:25.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2021-c1ac2ee5ee",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/"
},
{
"name": "FEDORA-2021-e145f477df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/CVE-2021-3575"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3575",
"datePublished": "2022-03-04T17:20:40.000Z",
"dateReserved": "2021-06-02T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:25:50.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-3575\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-03-04T18:15:08.193\",\"lastModified\":\"2025-11-03T20:15:50.027\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en openjpeg en color.c:379:42 en sycc420_to_rgb cuando es descomprimido un archivo .j2k dise\u00f1ado. Un atacante podr\u00eda usar esto para ejecutar c\u00f3digo arbitrario con los permisos de la aplicaci\u00f3n compilada contra openjpeg\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.4.0\",\"matchCriteriaId\":\"EF45E1A1-20FD-4C31-889F-CE36BE70E370\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1957616\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/uclouvain/openjpeg/issues/1347\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://ubuntu.com/security/CVE-2021-3575\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1957616\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/uclouvain/openjpeg/issues/1347\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ubuntu.com/security/CVE-2021-3575\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
WID-SEC-W-2023-2031
Vulnerability from csaf_certbund - Published: 2023-08-09 22:00 - Updated: 2025-10-19 22:00Summary
Xerox FreeFlow Print Server: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2031 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2031.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2031 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2031"
},
{
"category": "external",
"summary": "Xerox Security Bulletin vom 2023-08-09",
"url": "https://security.business.xerox.com/wp-content/uploads/2023/08/cert_XRX23-011_FFPSv7-S11_MediaInstall_Aug2023.pdf"
},
{
"category": "external",
"summary": "Xerox Security Bulletin vom 2023-08-09",
"url": "https://security.business.xerox.com/wp-content/uploads/2023/08/cert_XRX23-012_FFPSv2_Win10_SecurityBulletin_Aug2023.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX23-013 vom 2023-08-24",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2023/08/Xerox-Security-Bulletin-XRX23-013-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2331 vom 2023-11-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2331.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-17 vom 2024-08-09",
"url": "https://security.gentoo.org/glsa/202408-17"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-D2D3A5FA79 vom 2025-10-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-d2d3a5fa79"
}
],
"source_lang": "en-US",
"title": "Xerox FreeFlow Print Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-19T22:00:00.000+00:00",
"generator": {
"date": "2025-10-20T08:43:33.952+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2023-2031",
"initial_release_date": "2023-08-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-08-24T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2023-11-02T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-08-08T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v2",
"product": {
"name": "Xerox FreeFlow Print Server v2",
"product_id": "T014888",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v2"
}
}
},
{
"category": "product_version",
"name": "v9",
"product": {
"name": "Xerox FreeFlow Print Server v9",
"product_id": "T015632",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9"
}
}
},
{
"category": "product_version",
"name": "v7 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v7 for Solaris",
"product_id": "T029230",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v7_for_solaris"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-0687",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2004-0687"
},
{
"cve": "CVE-2020-23903",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2020-23903"
},
{
"cve": "CVE-2020-23904",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2020-23904"
},
{
"cve": "CVE-2021-33621",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2021-33621"
},
{
"cve": "CVE-2021-33657",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2021-33657"
},
{
"cve": "CVE-2021-3575",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2021-3575"
},
{
"cve": "CVE-2021-3618",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2021-3618"
},
{
"cve": "CVE-2021-43618",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2021-43618"
},
{
"cve": "CVE-2022-2097",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-2097"
},
{
"cve": "CVE-2022-21123",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21123"
},
{
"cve": "CVE-2022-21125",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21125"
},
{
"cve": "CVE-2022-21127",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21127"
},
{
"cve": "CVE-2022-21166",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21166"
},
{
"cve": "CVE-2022-21589",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21589"
},
{
"cve": "CVE-2022-21592",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21592"
},
{
"cve": "CVE-2022-21608",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21608"
},
{
"cve": "CVE-2022-21617",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-21617"
},
{
"cve": "CVE-2022-28805",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-28805"
},
{
"cve": "CVE-2022-30115",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-30115"
},
{
"cve": "CVE-2022-31783",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-31783"
},
{
"cve": "CVE-2022-33099",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-33099"
},
{
"cve": "CVE-2022-3729",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-3729"
},
{
"cve": "CVE-2022-37290",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-37290"
},
{
"cve": "CVE-2022-37434",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-39348",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-39348"
},
{
"cve": "CVE-2022-40897",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-40897"
},
{
"cve": "CVE-2022-41716",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41716"
},
{
"cve": "CVE-2022-41717",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41717"
},
{
"cve": "CVE-2022-41720",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41720"
},
{
"cve": "CVE-2022-41722",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41722"
},
{
"cve": "CVE-2022-41723",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41723"
},
{
"cve": "CVE-2022-41724",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41724"
},
{
"cve": "CVE-2022-41725",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-41725"
},
{
"cve": "CVE-2022-42898",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-42898"
},
{
"cve": "CVE-2022-42916",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-43551",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-43551"
},
{
"cve": "CVE-2022-43552",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-43552"
},
{
"cve": "CVE-2022-44617",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-44617"
},
{
"cve": "CVE-2022-44792",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-44792"
},
{
"cve": "CVE-2022-44793",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-44793"
},
{
"cve": "CVE-2022-46285",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-46285"
},
{
"cve": "CVE-2022-46663",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-46663"
},
{
"cve": "CVE-2022-46908",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-46908"
},
{
"cve": "CVE-2022-4743",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-4743"
},
{
"cve": "CVE-2022-48303",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-48303"
},
{
"cve": "CVE-2022-4883",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-4883"
},
{
"cve": "CVE-2022-4904",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2022-4904"
},
{
"cve": "CVE-2023-0002",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-0002"
},
{
"cve": "CVE-2023-0215",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0494",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-0494"
},
{
"cve": "CVE-2023-0547",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-0547"
},
{
"cve": "CVE-2023-1161",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1161"
},
{
"cve": "CVE-2023-1945",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1945"
},
{
"cve": "CVE-2023-1992",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1992"
},
{
"cve": "CVE-2023-1993",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1993"
},
{
"cve": "CVE-2023-1994",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1994"
},
{
"cve": "CVE-2023-1999",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-1999"
},
{
"cve": "CVE-2023-21526",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21526"
},
{
"cve": "CVE-2023-21756",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21756"
},
{
"cve": "CVE-2023-21911",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21911"
},
{
"cve": "CVE-2023-21912",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21912"
},
{
"cve": "CVE-2023-21919",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21919"
},
{
"cve": "CVE-2023-21920",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21920"
},
{
"cve": "CVE-2023-21929",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21929"
},
{
"cve": "CVE-2023-21933",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21933"
},
{
"cve": "CVE-2023-21935",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21935"
},
{
"cve": "CVE-2023-21940",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21940"
},
{
"cve": "CVE-2023-21945",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21945"
},
{
"cve": "CVE-2023-21946",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21946"
},
{
"cve": "CVE-2023-21947",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21947"
},
{
"cve": "CVE-2023-21953",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21953"
},
{
"cve": "CVE-2023-21955",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21955"
},
{
"cve": "CVE-2023-21962",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21962"
},
{
"cve": "CVE-2023-21966",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21966"
},
{
"cve": "CVE-2023-21972",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21972"
},
{
"cve": "CVE-2023-21976",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21976"
},
{
"cve": "CVE-2023-21977",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21977"
},
{
"cve": "CVE-2023-21980",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21980"
},
{
"cve": "CVE-2023-21982",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21982"
},
{
"cve": "CVE-2023-21995",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-21995"
},
{
"cve": "CVE-2023-22006",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22006"
},
{
"cve": "CVE-2023-22023",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22023"
},
{
"cve": "CVE-2023-22036",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22036"
},
{
"cve": "CVE-2023-22041",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22041"
},
{
"cve": "CVE-2023-22044",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22044"
},
{
"cve": "CVE-2023-22045",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22045"
},
{
"cve": "CVE-2023-22049",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-22049"
},
{
"cve": "CVE-2023-23931",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-23931"
},
{
"cve": "CVE-2023-24021",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24021"
},
{
"cve": "CVE-2023-24532",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24532"
},
{
"cve": "CVE-2023-24534",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24534"
},
{
"cve": "CVE-2023-24536",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24536"
},
{
"cve": "CVE-2023-24537",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24537"
},
{
"cve": "CVE-2023-24538",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24538"
},
{
"cve": "CVE-2023-24539",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24539"
},
{
"cve": "CVE-2023-24540",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24540"
},
{
"cve": "CVE-2023-24932",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24932"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-25193",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-25193"
},
{
"cve": "CVE-2023-25652",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-25652"
},
{
"cve": "CVE-2023-25690",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-25690"
},
{
"cve": "CVE-2023-25815",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-25815"
},
{
"cve": "CVE-2023-26767",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-26767"
},
{
"cve": "CVE-2023-26768",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-26768"
},
{
"cve": "CVE-2023-26769",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-26769"
},
{
"cve": "CVE-2023-2731",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-2731"
},
{
"cve": "CVE-2023-27320",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-27320"
},
{
"cve": "CVE-2023-27522",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-27522"
},
{
"cve": "CVE-2023-28005",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28005"
},
{
"cve": "CVE-2023-28484",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28484"
},
{
"cve": "CVE-2023-28486",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28486"
},
{
"cve": "CVE-2023-28487",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28487"
},
{
"cve": "CVE-2023-28709",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28709"
},
{
"cve": "CVE-2023-28755",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28755"
},
{
"cve": "CVE-2023-28756",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-28756"
},
{
"cve": "CVE-2023-29007",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29007"
},
{
"cve": "CVE-2023-29400",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29400"
},
{
"cve": "CVE-2023-29469",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29469"
},
{
"cve": "CVE-2023-29479",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29479"
},
{
"cve": "CVE-2023-29531",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29531"
},
{
"cve": "CVE-2023-29532",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29532"
},
{
"cve": "CVE-2023-29533",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29533"
},
{
"cve": "CVE-2023-29535",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29535"
},
{
"cve": "CVE-2023-29536",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29536"
},
{
"cve": "CVE-2023-29539",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29539"
},
{
"cve": "CVE-2023-29541",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29541"
},
{
"cve": "CVE-2023-29542",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29542"
},
{
"cve": "CVE-2023-29545",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29545"
},
{
"cve": "CVE-2023-29548",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29548"
},
{
"cve": "CVE-2023-29550",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-29550"
},
{
"cve": "CVE-2023-30086",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-30086"
},
{
"cve": "CVE-2023-30608",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-30608"
},
{
"cve": "CVE-2023-30774",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-30774"
},
{
"cve": "CVE-2023-30775",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-30775"
},
{
"cve": "CVE-2023-31047",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-31047"
},
{
"cve": "CVE-2023-31284",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-31284"
},
{
"cve": "CVE-2023-32034",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32034"
},
{
"cve": "CVE-2023-32035",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32035"
},
{
"cve": "CVE-2023-32038",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32038"
},
{
"cve": "CVE-2023-32039",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32039"
},
{
"cve": "CVE-2023-32040",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32040"
},
{
"cve": "CVE-2023-32041",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32041"
},
{
"cve": "CVE-2023-32042",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32042"
},
{
"cve": "CVE-2023-32043",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32043"
},
{
"cve": "CVE-2023-32044",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32044"
},
{
"cve": "CVE-2023-32045",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32045"
},
{
"cve": "CVE-2023-32046",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32046"
},
{
"cve": "CVE-2023-32049",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32049"
},
{
"cve": "CVE-2023-32053",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32053"
},
{
"cve": "CVE-2023-32054",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32054"
},
{
"cve": "CVE-2023-32055",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32055"
},
{
"cve": "CVE-2023-32057",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32057"
},
{
"cve": "CVE-2023-32085",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32085"
},
{
"cve": "CVE-2023-32205",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32205"
},
{
"cve": "CVE-2023-32206",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32206"
},
{
"cve": "CVE-2023-32207",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32207"
},
{
"cve": "CVE-2023-32208",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32208"
},
{
"cve": "CVE-2023-32209",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32209"
},
{
"cve": "CVE-2023-32210",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32210"
},
{
"cve": "CVE-2023-32211",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32211"
},
{
"cve": "CVE-2023-32212",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32212"
},
{
"cve": "CVE-2023-32213",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32213"
},
{
"cve": "CVE-2023-32214",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32214"
},
{
"cve": "CVE-2023-32215",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32215"
},
{
"cve": "CVE-2023-32216",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32216"
},
{
"cve": "CVE-2023-32324",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-32324"
},
{
"cve": "CVE-2023-33134",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33134"
},
{
"cve": "CVE-2023-33154",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33154"
},
{
"cve": "CVE-2023-33157",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33157"
},
{
"cve": "CVE-2023-33160",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33160"
},
{
"cve": "CVE-2023-33164",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33164"
},
{
"cve": "CVE-2023-33166",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33166"
},
{
"cve": "CVE-2023-33167",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33167"
},
{
"cve": "CVE-2023-33168",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33168"
},
{
"cve": "CVE-2023-33169",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33169"
},
{
"cve": "CVE-2023-33172",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33172"
},
{
"cve": "CVE-2023-33173",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33173"
},
{
"cve": "CVE-2023-33174",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-33174"
},
{
"cve": "CVE-2023-34414",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-34414"
},
{
"cve": "CVE-2023-34415",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-34415"
},
{
"cve": "CVE-2023-34416",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-34416"
},
{
"cve": "CVE-2023-34417",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-34417"
},
{
"cve": "CVE-2023-3482",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-3482"
},
{
"cve": "CVE-2023-34981",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-34981"
},
{
"cve": "CVE-2023-35296",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35296"
},
{
"cve": "CVE-2023-35297",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35297"
},
{
"cve": "CVE-2023-35299",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35299"
},
{
"cve": "CVE-2023-35300",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35300"
},
{
"cve": "CVE-2023-35302",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35302"
},
{
"cve": "CVE-2023-35303",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35303"
},
{
"cve": "CVE-2023-35304",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35304"
},
{
"cve": "CVE-2023-35305",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35305"
},
{
"cve": "CVE-2023-35306",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35306"
},
{
"cve": "CVE-2023-35308",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35308"
},
{
"cve": "CVE-2023-35309",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35309"
},
{
"cve": "CVE-2023-35311",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35311"
},
{
"cve": "CVE-2023-35312",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35312"
},
{
"cve": "CVE-2023-35313",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35313"
},
{
"cve": "CVE-2023-35314",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35314"
},
{
"cve": "CVE-2023-35315",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35315"
},
{
"cve": "CVE-2023-35316",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35316"
},
{
"cve": "CVE-2023-35318",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35318"
},
{
"cve": "CVE-2023-35319",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35319"
},
{
"cve": "CVE-2023-35320",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35320"
},
{
"cve": "CVE-2023-35324",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35324"
},
{
"cve": "CVE-2023-35325",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35325"
},
{
"cve": "CVE-2023-35328",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35328"
},
{
"cve": "CVE-2023-35329",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35329"
},
{
"cve": "CVE-2023-35330",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35330"
},
{
"cve": "CVE-2023-35332",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35332"
},
{
"cve": "CVE-2023-35336",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35336"
},
{
"cve": "CVE-2023-35338",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35338"
},
{
"cve": "CVE-2023-35339",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35339"
},
{
"cve": "CVE-2023-35340",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35340"
},
{
"cve": "CVE-2023-35341",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35341"
},
{
"cve": "CVE-2023-35342",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35342"
},
{
"cve": "CVE-2023-35352",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35352"
},
{
"cve": "CVE-2023-35353",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35353"
},
{
"cve": "CVE-2023-35356",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35356"
},
{
"cve": "CVE-2023-35357",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35357"
},
{
"cve": "CVE-2023-35358",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35358"
},
{
"cve": "CVE-2023-35360",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35360"
},
{
"cve": "CVE-2023-35361",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35361"
},
{
"cve": "CVE-2023-35362",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35362"
},
{
"cve": "CVE-2023-35365",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35365"
},
{
"cve": "CVE-2023-35366",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35366"
},
{
"cve": "CVE-2023-35367",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-35367"
},
{
"cve": "CVE-2023-3600",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-3600"
},
{
"cve": "CVE-2023-36871",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-36871"
},
{
"cve": "CVE-2023-36874",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-36874"
},
{
"cve": "CVE-2023-36884",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-36884"
},
{
"cve": "CVE-2023-37201",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37201"
},
{
"cve": "CVE-2023-37202",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37202"
},
{
"cve": "CVE-2023-37203",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37203"
},
{
"cve": "CVE-2023-37204",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37204"
},
{
"cve": "CVE-2023-37205",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37205"
},
{
"cve": "CVE-2023-37206",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37206"
},
{
"cve": "CVE-2023-37207",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37207"
},
{
"cve": "CVE-2023-37208",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37208"
},
{
"cve": "CVE-2023-37209",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37209"
},
{
"cve": "CVE-2023-37210",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37210"
},
{
"cve": "CVE-2023-37211",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37211"
},
{
"cve": "CVE-2023-37212",
"product_status": {
"known_affected": [
"T029230",
"T014888",
"398363",
"T015632",
"T012167",
"74185"
]
},
"release_date": "2023-08-09T22:00:00.000+00:00",
"title": "CVE-2023-37212"
}
]
}
WID-SEC-W-2023-0711
Vulnerability from csaf_certbund - Published: 2022-03-13 23:00 - Updated: 2025-04-01 22:00Summary
OpenJPEG: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die OpenJPEG Bibliothek ist ein in C geschriebener Open Source JPEG 2000 Codec.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenJPEG ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die OpenJPEG Bibliothek ist ein in C geschriebener Open Source JPEG 2000 Codec.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenJPEG ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0711 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0711.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0711 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0711"
},
{
"category": "external",
"summary": "NIST Database vom 2022-03-13",
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3575"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1999 vom 2023-03-22",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1999.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7083-1 vom 2024-11-05",
"url": "https://ubuntu.com/security/notices/USN-7083-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4107 vom 2025-04-02",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html"
}
],
"source_lang": "en-US",
"title": "OpenJPEG: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode mit den Rechten des Dienstes",
"tracking": {
"current_release_date": "2025-04-01T22:00:00.000+00:00",
"generator": {
"date": "2025-04-02T08:26:25.319+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2023-0711",
"initial_release_date": "2022-03-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-03-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-03-21T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-11-04T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source OpenJPEG",
"product": {
"name": "Open Source OpenJPEG",
"product_id": "T001792",
"product_identification_helper": {
"cpe": "cpe:/a:openjpeg:openjpeg:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3575",
"product_status": {
"known_affected": [
"2951",
"T000126",
"398363",
"T001792"
]
},
"release_date": "2022-03-13T23:00:00.000+00:00",
"title": "CVE-2021-3575"
}
]
}
GHSA-J3VW-4G3G-WVJC
Vulnerability from github – Published: 2022-03-05 00:00 – Updated: 2025-11-03 21:30
VLAI?
Details
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2021-3575"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-04T18:15:00Z",
"severity": "HIGH"
},
"details": "A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.",
"id": "GHSA-j3vw-4g3g-wvjc",
"modified": "2025-11-03T21:30:38Z",
"published": "2022-03-05T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3575"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/1347"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2021-3575"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/CVE-2021-3575"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2021-3575
Vulnerability from fkie_nvd - Published: 2022-03-04 18:15 - Updated: 2025-11-03 20:15
Severity ?
Summary
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uclouvain | openjpeg | * | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF45E1A1-20FD-4C31-889F-CE36BE70E370",
"versionEndIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en openjpeg en color.c:379:42 en sycc420_to_rgb cuando es descomprimido un archivo .j2k dise\u00f1ado. Un atacante podr\u00eda usar esto para ejecutar c\u00f3digo arbitrario con los permisos de la aplicaci\u00f3n compilada contra openjpeg"
}
],
"id": "CVE-2021-3575",
"lastModified": "2025-11-03T20:15:50.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-04T18:15:08.193",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1347"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2021-3575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2021-3575"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
OPENSUSE-SU-2024:13748-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libopenjp2-7-2.5.2-1.1 on GA media
Notes
Title of the patch
libopenjp2-7-2.5.2-1.1 on GA media
Description of the patch
These are all security issues fixed in the libopenjp2-7-2.5.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13748
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libopenjp2-7-2.5.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libopenjp2-7-2.5.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13748",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13748-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3575 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3575/"
}
],
"title": "libopenjp2-7-2.5.2-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13748-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.5.2-1.1.aarch64",
"product": {
"name": "libopenjp2-7-2.5.2-1.1.aarch64",
"product_id": "libopenjp2-7-2.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.5.2-1.1.aarch64",
"product": {
"name": "libopenjp2-7-32bit-2.5.2-1.1.aarch64",
"product_id": "libopenjp2-7-32bit-2.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.aarch64",
"product": {
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.aarch64",
"product_id": "libopenjp2-7-x86-64-v3-2.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.5.2-1.1.aarch64",
"product": {
"name": "openjpeg2-2.5.2-1.1.aarch64",
"product_id": "openjpeg2-2.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.5.2-1.1.aarch64",
"product": {
"name": "openjpeg2-devel-2.5.2-1.1.aarch64",
"product_id": "openjpeg2-devel-2.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.5.2-1.1.aarch64",
"product": {
"name": "openjpeg2-devel-doc-2.5.2-1.1.aarch64",
"product_id": "openjpeg2-devel-doc-2.5.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.5.2-1.1.ppc64le",
"product": {
"name": "libopenjp2-7-2.5.2-1.1.ppc64le",
"product_id": "libopenjp2-7-2.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.5.2-1.1.ppc64le",
"product": {
"name": "libopenjp2-7-32bit-2.5.2-1.1.ppc64le",
"product_id": "libopenjp2-7-32bit-2.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.ppc64le",
"product": {
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.ppc64le",
"product_id": "libopenjp2-7-x86-64-v3-2.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.5.2-1.1.ppc64le",
"product": {
"name": "openjpeg2-2.5.2-1.1.ppc64le",
"product_id": "openjpeg2-2.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.5.2-1.1.ppc64le",
"product": {
"name": "openjpeg2-devel-2.5.2-1.1.ppc64le",
"product_id": "openjpeg2-devel-2.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.5.2-1.1.ppc64le",
"product": {
"name": "openjpeg2-devel-doc-2.5.2-1.1.ppc64le",
"product_id": "openjpeg2-devel-doc-2.5.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.5.2-1.1.s390x",
"product": {
"name": "libopenjp2-7-2.5.2-1.1.s390x",
"product_id": "libopenjp2-7-2.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.5.2-1.1.s390x",
"product": {
"name": "libopenjp2-7-32bit-2.5.2-1.1.s390x",
"product_id": "libopenjp2-7-32bit-2.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.s390x",
"product": {
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.s390x",
"product_id": "libopenjp2-7-x86-64-v3-2.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.5.2-1.1.s390x",
"product": {
"name": "openjpeg2-2.5.2-1.1.s390x",
"product_id": "openjpeg2-2.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.5.2-1.1.s390x",
"product": {
"name": "openjpeg2-devel-2.5.2-1.1.s390x",
"product_id": "openjpeg2-devel-2.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.5.2-1.1.s390x",
"product": {
"name": "openjpeg2-devel-doc-2.5.2-1.1.s390x",
"product_id": "openjpeg2-devel-doc-2.5.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenjp2-7-2.5.2-1.1.x86_64",
"product": {
"name": "libopenjp2-7-2.5.2-1.1.x86_64",
"product_id": "libopenjp2-7-2.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-32bit-2.5.2-1.1.x86_64",
"product": {
"name": "libopenjp2-7-32bit-2.5.2-1.1.x86_64",
"product_id": "libopenjp2-7-32bit-2.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.x86_64",
"product": {
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.x86_64",
"product_id": "libopenjp2-7-x86-64-v3-2.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-2.5.2-1.1.x86_64",
"product": {
"name": "openjpeg2-2.5.2-1.1.x86_64",
"product_id": "openjpeg2-2.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-2.5.2-1.1.x86_64",
"product": {
"name": "openjpeg2-devel-2.5.2-1.1.x86_64",
"product_id": "openjpeg2-devel-2.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-doc-2.5.2-1.1.x86_64",
"product": {
"name": "openjpeg2-devel-doc-2.5.2-1.1.x86_64",
"product_id": "openjpeg2-devel-doc-2.5.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.aarch64"
},
"product_reference": "libopenjp2-7-2.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.ppc64le"
},
"product_reference": "libopenjp2-7-2.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.s390x"
},
"product_reference": "libopenjp2-7-2.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-2.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.x86_64"
},
"product_reference": "libopenjp2-7-2.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.aarch64"
},
"product_reference": "libopenjp2-7-32bit-2.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.ppc64le"
},
"product_reference": "libopenjp2-7-32bit-2.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.s390x"
},
"product_reference": "libopenjp2-7-32bit-2.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-32bit-2.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.x86_64"
},
"product_reference": "libopenjp2-7-32bit-2.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.aarch64"
},
"product_reference": "libopenjp2-7-x86-64-v3-2.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.ppc64le"
},
"product_reference": "libopenjp2-7-x86-64-v3-2.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.s390x"
},
"product_reference": "libopenjp2-7-x86-64-v3-2.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenjp2-7-x86-64-v3-2.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.x86_64"
},
"product_reference": "libopenjp2-7-x86-64-v3-2.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.aarch64"
},
"product_reference": "openjpeg2-2.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.ppc64le"
},
"product_reference": "openjpeg2-2.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.s390x"
},
"product_reference": "openjpeg2-2.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-2.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.x86_64"
},
"product_reference": "openjpeg2-2.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.aarch64"
},
"product_reference": "openjpeg2-devel-2.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.ppc64le"
},
"product_reference": "openjpeg2-devel-2.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.s390x"
},
"product_reference": "openjpeg2-devel-2.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-2.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.x86_64"
},
"product_reference": "openjpeg2-devel-2.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.aarch64"
},
"product_reference": "openjpeg2-devel-doc-2.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.ppc64le"
},
"product_reference": "openjpeg2-devel-doc-2.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.s390x"
},
"product_reference": "openjpeg2-devel-doc-2.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-doc-2.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.x86_64"
},
"product_reference": "openjpeg2-devel-doc-2.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3575"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3575",
"url": "https://www.suse.com/security/cve/CVE-2021-3575"
},
{
"category": "external",
"summary": "SUSE Bug 1187048 for CVE-2021-3575",
"url": "https://bugzilla.suse.com/1187048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:libopenjp2-7-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:libopenjp2-7-32bit-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:libopenjp2-7-x86-64-v3-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:openjpeg2-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-2.5.2-1.1.x86_64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.aarch64",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.s390x",
"openSUSE Tumbleweed:openjpeg2-devel-doc-2.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3575"
}
]
}
RHSA-2021:4251
Vulnerability from csaf_redhat - Published: 2021-11-09 17:42 - Updated: 2026-01-06 20:56Summary
Red Hat Security Advisory: openjpeg2 security update
Notes
Topic
An update for openjpeg2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.
The following packages have been upgraded to a later upstream version: openjpeg2 (2.4.0).
Security Fix(es):
* openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389)
* openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)
* openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)
* openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)
* openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)
* openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)
* openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (CVE-2018-20845)
* openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)
* openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)
* openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)
* openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)
* openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)
* openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (CVE-2020-27845)
* openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openjpeg2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.\n\nThe following packages have been upgraded to a later upstream version: openjpeg2 (2.4.0).\n\nSecurity Fix(es):\n\n* openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389)\n\n* openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)\n\n* openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)\n\n* openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)\n\n* openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)\n\n* openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)\n\n* openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (CVE-2018-20845)\n\n* openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)\n\n* openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)\n\n* openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)\n\n* openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)\n\n* openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)\n\n* openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (CVE-2020-27845)\n\n* openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4251",
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"category": "external",
"summary": "1536552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536552"
},
{
"category": "external",
"summary": "1537758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537758"
},
{
"category": "external",
"summary": "1728505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728505"
},
{
"category": "external",
"summary": "1728509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728509"
},
{
"category": "external",
"summary": "1732270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732270"
},
{
"category": "external",
"summary": "1852869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852869"
},
{
"category": "external",
"summary": "1901998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998"
},
{
"category": "external",
"summary": "1905723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905723"
},
{
"category": "external",
"summary": "1905762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905762"
},
{
"category": "external",
"summary": "1907513",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907513"
},
{
"category": "external",
"summary": "1907516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907516"
},
{
"category": "external",
"summary": "1907523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907523"
},
{
"category": "external",
"summary": "1950101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950101"
},
{
"category": "external",
"summary": "1957616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4251.json"
}
],
"title": "Red Hat Security Advisory: openjpeg2 security update",
"tracking": {
"current_release_date": "2026-01-06T20:56:21+00:00",
"generator": {
"date": "2026-01-06T20:56:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2021:4251",
"initial_release_date": "2021-11-09T17:42:07+00:00",
"revision_history": [
{
"date": "2021-11-09T17:42:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-09T17:42:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-06T20:56:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openjpeg2-0:2.4.0-4.el8.src",
"product": {
"name": "openjpeg2-0:2.4.0-4.el8.src",
"product_id": "openjpeg2-0:2.4.0-4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openjpeg2-0:2.4.0-4.el8.aarch64",
"product": {
"name": "openjpeg2-0:2.4.0-4.el8.aarch64",
"product_id": "openjpeg2-0:2.4.0-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"product": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"product_id": "openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-tools@2.4.0-4.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"product": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"product_id": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-debugsource@2.4.0-4.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"product": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"product_id": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-debuginfo@2.4.0-4.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"product": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"product_id": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-tools-debuginfo@2.4.0-4.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"product": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"product_id": "openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-devel@2.4.0-4.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openjpeg2-0:2.4.0-4.el8.ppc64le",
"product": {
"name": "openjpeg2-0:2.4.0-4.el8.ppc64le",
"product_id": "openjpeg2-0:2.4.0-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"product": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"product_id": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-tools@2.4.0-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"product": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"product_id": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-debugsource@2.4.0-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"product": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"product_id": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-debuginfo@2.4.0-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"product": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"product_id": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-tools-debuginfo@2.4.0-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"product": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"product_id": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-devel@2.4.0-4.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openjpeg2-0:2.4.0-4.el8.i686",
"product": {
"name": "openjpeg2-0:2.4.0-4.el8.i686",
"product_id": "openjpeg2-0:2.4.0-4.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"product": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"product_id": "openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-debugsource@2.4.0-4.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"product": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"product_id": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-debuginfo@2.4.0-4.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"product": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"product_id": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-tools-debuginfo@2.4.0-4.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-0:2.4.0-4.el8.i686",
"product": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.i686",
"product_id": "openjpeg2-devel-0:2.4.0-4.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-devel@2.4.0-4.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-tools-0:2.4.0-4.el8.i686",
"product": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.i686",
"product_id": "openjpeg2-tools-0:2.4.0-4.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-tools@2.4.0-4.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openjpeg2-0:2.4.0-4.el8.x86_64",
"product": {
"name": "openjpeg2-0:2.4.0-4.el8.x86_64",
"product_id": "openjpeg2-0:2.4.0-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"product": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"product_id": "openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-tools@2.4.0-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"product": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"product_id": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-debugsource@2.4.0-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"product": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"product_id": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-debuginfo@2.4.0-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"product": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"product_id": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-tools-debuginfo@2.4.0-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"product": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"product_id": "openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-devel@2.4.0-4.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openjpeg2-0:2.4.0-4.el8.s390x",
"product": {
"name": "openjpeg2-0:2.4.0-4.el8.s390x",
"product_id": "openjpeg2-0:2.4.0-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-tools-0:2.4.0-4.el8.s390x",
"product": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.s390x",
"product_id": "openjpeg2-tools-0:2.4.0-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-tools@2.4.0-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"product": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"product_id": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-debugsource@2.4.0-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"product": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"product_id": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-debuginfo@2.4.0-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"product": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"product_id": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-tools-debuginfo@2.4.0-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openjpeg2-devel-0:2.4.0-4.el8.s390x",
"product": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.s390x",
"product_id": "openjpeg2-devel-0:2.4.0-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-devel@2.4.0-4.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"product": {
"name": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"product_id": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openjpeg2-devel-docs@2.4.0-4.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.src",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-devel-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-devel-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch"
},
"product_reference": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-tools-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-tools-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.src",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-devel-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-devel-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch"
},
"product_reference": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-tools-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-tools-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64"
},
"product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686"
},
"product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le"
},
"product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x"
},
"product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
},
"product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5727",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1536552"
}
],
"notes": [
{
"category": "description",
"text": "In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5727"
},
{
"category": "external",
"summary": "RHBZ#1536552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536552"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5727",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5727"
}
],
"release_date": "2018-01-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c"
},
{
"cve": "CVE-2018-5785",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1537758"
}
],
"notes": [
{
"category": "description",
"text": "In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5785"
},
{
"category": "external",
"summary": "RHBZ#1537758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537758"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5785",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5785"
}
],
"release_date": "2018-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c"
},
{
"cve": "CVE-2018-20845",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728505"
}
],
"notes": [
{
"category": "description",
"text": "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20845"
},
{
"category": "external",
"summary": "RHBZ#1728505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728505"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20845",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20845"
}
],
"release_date": "2019-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c"
},
{
"cve": "CVE-2018-20847",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728509"
}
],
"notes": [
{
"category": "description",
"text": "An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of openjpeg as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code, due to an older version of the tool being shipped.\nThis issue did not affect the versions of openjpeg2 as shipped with Red Hat Enterprise Linux 7 as they already contain the patched code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20847"
},
{
"category": "external",
"summary": "RHBZ#1728509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20847",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20847"
}
],
"release_date": "2019-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c"
},
{
"cve": "CVE-2019-12973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1732270"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12973"
},
{
"category": "external",
"summary": "RHBZ#1732270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732270"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12973",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12973"
}
],
"release_date": "2019-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c"
},
{
"cve": "CVE-2020-15389",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1852869"
}
],
"notes": [
{
"category": "description",
"text": "jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-15389"
},
{
"category": "external",
"summary": "RHBZ#1852869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852869"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15389",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15389"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15389",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15389"
}
],
"release_date": "2020-06-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2020-27814",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2020-11-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1901998"
}
],
"notes": [
{
"category": "description",
"text": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27814"
},
{
"category": "external",
"summary": "RHBZ#1901998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27814",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27814"
},
{
"category": "external",
"summary": "https://github.com/uclouvain/openjpeg/issues/1283",
"url": "https://github.com/uclouvain/openjpeg/issues/1283"
}
],
"release_date": "2020-11-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2020-27823",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2020-11-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1905762"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenJPEG\u2019s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this flaw with Moderate severity because it affects the encoder functionality specifically when performing an image conversion and not general reading of image files.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27823"
},
{
"category": "external",
"summary": "RHBZ#1905762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27823",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27823"
}
],
"release_date": "2020-11-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by not using openjpeg to convert untrusted image files.",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode()"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2020-27824",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-11-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1905723"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenJPEG\u2019s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27824"
},
{
"category": "external",
"summary": "RHBZ#1905723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27824",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27824"
}
],
"release_date": "2020-11-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes()"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2020-27842",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1907513"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenJPEG\u2019s t2 encoder. This flaw allows an attacker who can provide crafted input to be processed by OpenJPEG to cause a NULL pointer dereference issue. The highest threat to this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27842"
},
{
"category": "external",
"summary": "RHBZ#1907513",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907513"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27842",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27842"
}
],
"release_date": "2020-12-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2020-27843",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1907516"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27843"
},
{
"category": "external",
"summary": "RHBZ#1907516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907516"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27843",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27843"
}
],
"release_date": "2020-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2020-27845",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1907523"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the src/lib/openjp2/pi.c function of OpenJPEG. This flaw allows an attacker who can provide untrusted input to OpenJPEG\u2019s conversion/encoding functionality to cause an out-of-bounds read. The highest impact from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27845"
},
{
"category": "external",
"summary": "RHBZ#1907523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27845"
}
],
"release_date": "2020-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c"
},
{
"cve": "CVE-2021-3575",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-05-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1957616"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3575"
},
{
"category": "external",
"summary": "RHBZ#1957616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3575",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3575"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3575",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3575"
}
],
"release_date": "2021-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution"
},
{
"cve": "CVE-2021-29338",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1950101"
}
],
"notes": [
{
"category": "description",
"text": "There is a flaw in the opj2_compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2_compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The greatest threat posed by this flaw is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects the opj2_compress utility but is not in the openjpeg2 library. Therefore, the attack vector is local to the opj2_compress utility and would require an attacker to convince a user to open a directory with an extremely large number of files using opj2_compress, or a script to be feeding such arbitrary, untrusted files to opj2_compress.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29338"
},
{
"category": "external",
"summary": "RHBZ#1950101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950101"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29338",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29338"
}
],
"release_date": "2021-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:42:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4251"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
"CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
"CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c"
}
]
}
GSD-2021-3575
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-3575",
"description": "A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.",
"id": "GSD-2021-3575",
"references": [
"https://www.suse.com/security/cve/CVE-2021-3575.html",
"https://access.redhat.com/errata/RHSA-2021:4251",
"https://advisories.mageia.org/CVE-2021-3575.html",
"https://security.archlinux.org/CVE-2021-3575",
"https://linux.oracle.com/cve/CVE-2021-3575.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-3575"
],
"details": "A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.",
"id": "GSD-2021-3575",
"modified": "2023-12-13T01:23:34.897493Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenJPEG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Afeects v2.4.0 and prior."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-787",
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/1347",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/1347"
},
{
"name": "https://ubuntu.com/security/CVE-2021-3575",
"refsource": "MISC",
"url": "https://ubuntu.com/security/CVE-2021-3575"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=2.4.0",
"affected_versions": "All versions up to 2.4.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-787",
"CWE-937"
],
"date": "2023-02-12",
"description": "A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.",
"fixed_versions": [
"2.5.0"
],
"identifier": "CVE-2021-3575",
"identifiers": [
"CVE-2021-3575"
],
"not_impacted": "All versions after 2.4.0",
"package_slug": "conan/openjpeg",
"pubdate": "2022-03-04",
"solution": "Upgrade to version 2.5.0 or above.",
"title": "Out-of-bounds Write",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3575",
"https://bugzilla.redhat.com/show_bug.cgi?id=1957616",
"https://github.com/uclouvain/openjpeg/issues/1347",
"https://ubuntu.com/security/CVE-2021-3575"
],
"uuid": "643f23b7-0c53-4084-9bfd-8111f74913f0"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3575"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/1347",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/uclouvain/openjpeg/issues/1347"
},
{
"name": "https://ubuntu.com/security/CVE-2021-3575",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2021-3575"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-12T23:41Z",
"publishedDate": "2022-03-04T18:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…