Описание
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
Отчет
This issue did not affect the versions of openjpeg as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code, due to an older version of the tool being shipped. This issue did not affect the versions of openjpeg2 as shipped with Red Hat Enterprise Linux 7 as they already contain the patched code.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | openjpeg | Out of support scope | ||
| Red Hat Enterprise Linux 7 | openjpeg | Not affected | ||
| Red Hat Enterprise Linux 7 | openjpeg2 | Not affected | ||
| Red Hat Enterprise Linux 8 | openjpeg2 | Fixed | RHSA-2021:4251 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS3
Связанные уязвимости
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the functi ...
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
Уязвимость функции opj_get_encoding_parameters (openjp2/pi.c) библиотеки для кодирования и декодирования OpenJPEG, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
4 Medium
CVSS3