cvelistv5 - cve-2020-27814

cve-2020-27814

Vulnerability from cvelistv5

Published

2021-01-25 18:38

Modified

2024-08-04 16:25

Severity ?

Summary

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1901998	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://github.com/uclouvain/openjpeg/issues/1283	Exploit, Issue Tracking, Third Party Advisory
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/202101-29	Third Party Advisory
secalert@redhat.com	https://www.debian.org/security/2021/dsa-4882	Third Party Advisory
secalert@redhat.com	https://www.oracle.com//security-alerts/cpujul2021.html	Third Party Advisory

Impacted products

▼	Vendor	Product
	n/a	openjpeg

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:43.722Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/uclouvain/openjpeg/issues/1283"
          },
          {
            "name": "GLSA-202101-29",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-29"
          },
          {
            "name": "[debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html"
          },
          {
            "name": "DSA-4882",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4882"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openjpeg",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before openjpeg 2.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:54:49",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/uclouvain/openjpeg/issues/1283"
        },
        {
          "name": "GLSA-202101-29",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-29"
        },
        {
          "name": "[debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html"
        },
        {
          "name": "DSA-4882",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4882"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-27814",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "openjpeg",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before openjpeg 2.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998"
            },
            {
              "name": "https://github.com/uclouvain/openjpeg/issues/1283",
              "refsource": "MISC",
              "url": "https://github.com/uclouvain/openjpeg/issues/1283"
            },
            {
              "name": "GLSA-202101-29",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-29"
            },
            {
              "name": "[debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html"
            },
            {
              "name": "DSA-4882",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4882"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-27814",
    "datePublished": "2021-01-25T18:38:36",
    "dateReserved": "2020-10-27T00:00:00",
    "dateUpdated": "2024-08-04T16:25:43.722Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-27814\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-01-26T18:15:46.613\",\"lastModified\":\"2022-10-07T02:22:31.727\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un desbordamiento del b\u00fafer en la manera en que openjpeg2 manejaba determinados archivos en formato PNG.\u0026#xa0;Un atacante podr\u00eda usar este fallo para causar el bloqueo de una aplicaci\u00f3n o, en algunos casos, ejecutar c\u00f3digo arbitrario con el permiso del usuario que ejecuta dicha aplicaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.1\",\"matchCriteriaId\":\"3BF1502F-A671-401F-878A-46E9EA7FF019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.4.0\",\"matchCriteriaId\":\"94168F56-A0BD-4B60-BE24-BFA39A72DABE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1901998\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/uclouvain/openjpeg/issues/1283\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202101-29\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4882\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

gsd-2020-27814

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-27814

Aliases

CVE-2020-27814

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-27814",
    "description": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.",
    "id": "GSD-2020-27814",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-27814.html",
      "https://www.debian.org/security/2021/dsa-4882",
      "https://access.redhat.com/errata/RHSA-2021:4251",
      "https://ubuntu.com/security/CVE-2020-27814",
      "https://advisories.mageia.org/CVE-2020-27814.html",
      "https://security.archlinux.org/CVE-2020-27814",
      "https://linux.oracle.com/cve/CVE-2020-27814.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-27814"
      ],
      "details": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.",
      "id": "GSD-2020-27814",
      "modified": "2023-12-13T01:22:11.035400Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2020-27814",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "openjpeg",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before openjpeg 2.4.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-122"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998"
          },
          {
            "name": "https://github.com/uclouvain/openjpeg/issues/1283",
            "refsource": "MISC",
            "url": "https://github.com/uclouvain/openjpeg/issues/1283"
          },
          {
            "name": "GLSA-202101-29",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202101-29"
          },
          {
            "name": "[debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html"
          },
          {
            "name": "DSA-4882",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2021/dsa-4882"
          },
          {
            "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c=1.5.1||\u003e=2.0.0 \u003c2.4.0",
          "affected_versions": "All versions up to 1.5.1, all versions starting from 2.0.0 before 2.4.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-122",
            "CWE-937"
          ],
          "date": "2021-07-20",
          "description": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.",
          "fixed_versions": [
            "2.4.0"
          ],
          "identifier": "CVE-2020-27814",
          "identifiers": [
            "CVE-2020-27814"
          ],
          "not_impacted": "All versions after 1.5.1 before 2.0.0, all versions starting from 2.4.0",
          "package_slug": "conan/openjpeg",
          "pubdate": "2021-01-26",
          "solution": "Upgrade to version 2.4.0 or above.",
          "title": "Heap-based Buffer Overflow",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-27814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1901998",
            "https://github.com/uclouvain/openjpeg/issues/1283"
          ],
          "uuid": "a8861d03-d53f-4c94-bcac-e03e233eb8d0"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.0",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-27814"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998"
            },
            {
              "name": "GLSA-202101-29",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202101-29"
            },
            {
              "name": "https://github.com/uclouvain/openjpeg/issues/1283",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://github.com/uclouvain/openjpeg/issues/1283"
            },
            {
              "name": "[debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html"
            },
            {
              "name": "DSA-4882",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4882"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-07T02:22Z",
      "publishedDate": "2021-01-26T18:15Z"
    }
  }
}

ghsa-2rjp-9cc6-3v2j

Vulnerability from github

Published

2022-05-24 17:40

Modified

2022-10-07 18:16

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-27814"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-26T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.",
  "id": "GHSA-2rjp-9cc6-3v2j",
  "modified": "2022-10-07T18:16:03Z",
  "published": "2022-05-24T17:40:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27814"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uclouvain/openjpeg/issues/1283"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-29"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4882"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

wid-sec-w-2022-1880

Vulnerability from csaf_certbund

Published

2020-12-29 23:00

Modified

2023-03-15 23:00

Summary

OpenJPEG: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Benutzerrechten

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die OpenJPEG Bibliothek ist ein in C geschriebener Open Source JPEG 2000 Codec.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenJPEG ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die OpenJPEG Bibliothek ist ein in C geschriebener Open Source JPEG 2000 Codec.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenJPEG ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1880 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-1880.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1880 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1880"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5952-1 vom 2023-03-15",
        "url": "https://ubuntu.com/security/notices/USN-5952-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4882 vom 2021-04-02",
        "url": "https://www.debian.org/security/2021/dsa-4882"
      },
      {
        "category": "external",
        "summary": "https://github.com/uclouvain/openjpeg/blob/v2.4.0/CHANGELOG.md vom 2020-12-29",
        "url": "https://github.com/uclouvain/openjpeg/blob/v2.4.0/CHANGELOG.md"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4685-1 vom 2021-01-07",
        "url": "https://ubuntu.com/security/notices/USN-4685-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4686-1 vom 2021-01-07",
        "url": "https://ubuntu.com/security/notices/USN-4686-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2550 vom 2021-02-08",
        "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4880-1 vom 2021-03-16",
        "url": "https://ubuntu.com/security/notices/USN-4880-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:4251 vom 2021-11-09",
        "url": "https://access.redhat.com/errata/RHSA-2021:4251"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2022-1741 vom 2022-01-27",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1741.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1129-1 vom 2022-04-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010666.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2975 vom 2022-04-10",
        "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1252-1 vom 2022-04-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010745.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1296-1 vom 2022-04-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010791.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:3801-1 vom 2022-10-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012730.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:3802-1 vom 2022-10-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012731.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:4082-1 vom 2022-11-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012995.html"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenJPEG: Mehrere Schwachstellen erm\u00f6glichen Ausf\u00fchren von beliebigem Programmcode mit Benutzerrechten",
    "tracking": {
      "current_release_date": "2023-03-15T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:02:00.700+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2022-1880",
      "initial_release_date": "2020-12-29T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-12-29T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-01-05T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE Nummern aufgenommen"
        },
        {
          "date": "2021-01-07T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2021-02-08T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-03-15T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2021-04-05T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-05-13T22:00:00.000+00:00",
          "number": "7",
          "summary": "CVE erg\u00e4nzt"
        },
        {
          "date": "2021-11-09T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-01-27T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-04-07T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-04-10T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2022-04-19T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-04-21T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-10-27T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-11-20T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-03-15T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "16"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source OpenJPEG \u003c 2.4.0",
            "product": {
              "name": "Open Source OpenJPEG \u003c 2.4.0",
              "product_id": "T001792",
              "product_identification_helper": {
                "cpe": "cpe:/a:openjpeg:openjpeg:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-15389",
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG existieren mehrere Schwachstellen. Diese bestehen aufgrund von Puffer\u00fcberl\u00e4ufen und \"use-after-free\" Fehlern. Ein entfernter anonymer Angreifer kann das ausnutzen, um beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Datei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2020-12-29T23:00:00Z",
      "title": "CVE-2020-15389"
    },
    {
      "cve": "CVE-2020-27814",
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG existieren mehrere Schwachstellen. Diese bestehen aufgrund von Puffer\u00fcberl\u00e4ufen und \"use-after-free\" Fehlern. Ein entfernter anonymer Angreifer kann das ausnutzen, um beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Datei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2020-12-29T23:00:00Z",
      "title": "CVE-2020-27814"
    },
    {
      "cve": "CVE-2020-27823",
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG existieren mehrere Schwachstellen. Diese bestehen aufgrund von Puffer\u00fcberl\u00e4ufen und \"use-after-free\" Fehlern. Ein entfernter anonymer Angreifer kann das ausnutzen, um beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Datei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2020-12-29T23:00:00Z",
      "title": "CVE-2020-27823"
    },
    {
      "cve": "CVE-2020-27824",
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG existieren mehrere Schwachstellen. Diese bestehen aufgrund von Puffer\u00fcberl\u00e4ufen und \"use-after-free\" Fehlern. Ein entfernter anonymer Angreifer kann das ausnutzen, um beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Datei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2020-12-29T23:00:00Z",
      "title": "CVE-2020-27824"
    },
    {
      "cve": "CVE-2020-27841",
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG existieren mehrere Schwachstellen. Diese bestehen aufgrund von Puffer\u00fcberl\u00e4ufen und \"use-after-free\" Fehlern. Ein entfernter anonymer Angreifer kann das ausnutzen, um beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Datei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2020-12-29T23:00:00Z",
      "title": "CVE-2020-27841"
    },
    {
      "cve": "CVE-2020-27842",
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG existieren mehrere Schwachstellen. Diese bestehen aufgrund von Puffer\u00fcberl\u00e4ufen und \"use-after-free\" Fehlern. Ein entfernter anonymer Angreifer kann das ausnutzen, um beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Datei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2020-12-29T23:00:00Z",
      "title": "CVE-2020-27842"
    },
    {
      "cve": "CVE-2020-27843",
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG existieren mehrere Schwachstellen. Diese bestehen aufgrund von Puffer\u00fcberl\u00e4ufen und \"use-after-free\" Fehlern. Ein entfernter anonymer Angreifer kann das ausnutzen, um beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Datei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2020-12-29T23:00:00Z",
      "title": "CVE-2020-27843"
    },
    {
      "cve": "CVE-2020-27844",
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG existieren mehrere Schwachstellen. Diese bestehen aufgrund von Puffer\u00fcberl\u00e4ufen und \"use-after-free\" Fehlern. Ein entfernter anonymer Angreifer kann das ausnutzen, um beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Datei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2020-12-29T23:00:00Z",
      "title": "CVE-2020-27844"
    },
    {
      "cve": "CVE-2020-27845",
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG existieren mehrere Schwachstellen. Diese bestehen aufgrund von Puffer\u00fcberl\u00e4ufen und \"use-after-free\" Fehlern. Ein entfernter anonymer Angreifer kann das ausnutzen, um beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Datei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "398363"
        ]
      },
      "release_date": "2020-12-29T23:00:00Z",
      "title": "CVE-2020-27845"
    }
  ]
}

rhsa-2021_4251

Vulnerability from csaf_redhat

Published

2021-11-09 17:42

Modified

2024-11-06 00:05

Summary

Red Hat Security Advisory: openjpeg2 security update

Notes

Topic

An update for openjpeg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. The following packages have been upgraded to a later upstream version: openjpeg2 (2.4.0). Security Fix(es): * openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389) * openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814) * openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823) * openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575) * openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727) * openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785) * openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (CVE-2018-20845) * openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847) * openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973) * openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824) * openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842) * openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843) * openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (CVE-2020-27845) * openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for openjpeg2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.\n\nThe following packages have been upgraded to a later upstream version: openjpeg2 (2.4.0).\n\nSecurity Fix(es):\n\n* openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389)\n\n* openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)\n\n* openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)\n\n* openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)\n\n* openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)\n\n* openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)\n\n* openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (CVE-2018-20845)\n\n* openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)\n\n* openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)\n\n* openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)\n\n* openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)\n\n* openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)\n\n* openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (CVE-2020-27845)\n\n* openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:4251",
        "url": "https://access.redhat.com/errata/RHSA-2021:4251"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
      },
      {
        "category": "external",
        "summary": "1536552",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536552"
      },
      {
        "category": "external",
        "summary": "1537758",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537758"
      },
      {
        "category": "external",
        "summary": "1728505",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728505"
      },
      {
        "category": "external",
        "summary": "1728509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728509"
      },
      {
        "category": "external",
        "summary": "1732270",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732270"
      },
      {
        "category": "external",
        "summary": "1852869",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852869"
      },
      {
        "category": "external",
        "summary": "1901998",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998"
      },
      {
        "category": "external",
        "summary": "1905723",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905723"
      },
      {
        "category": "external",
        "summary": "1905762",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905762"
      },
      {
        "category": "external",
        "summary": "1907513",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907513"
      },
      {
        "category": "external",
        "summary": "1907516",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907516"
      },
      {
        "category": "external",
        "summary": "1907523",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907523"
      },
      {
        "category": "external",
        "summary": "1950101",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950101"
      },
      {
        "category": "external",
        "summary": "1957616",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4251.json"
      }
    ],
    "title": "Red Hat Security Advisory: openjpeg2 security update",
    "tracking": {
      "current_release_date": "2024-11-06T00:05:46+00:00",
      "generator": {
        "date": "2024-11-06T00:05:46+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2021:4251",
      "initial_release_date": "2021-11-09T17:42:07+00:00",
      "revision_history": [
        {
          "date": "2021-11-09T17:42:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-11-09T17:42:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-06T00:05:46+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.5.0.GA",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat CodeReady Linux Builder (v. 8)",
                "product": {
                  "name": "Red Hat CodeReady Linux Builder (v. 8)",
                  "product_id": "CRB-8.5.0.GA",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openjpeg2-0:2.4.0-4.el8.src",
                "product": {
                  "name": "openjpeg2-0:2.4.0-4.el8.src",
                  "product_id": "openjpeg2-0:2.4.0-4.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openjpeg2-0:2.4.0-4.el8.aarch64",
                "product": {
                  "name": "openjpeg2-0:2.4.0-4.el8.aarch64",
                  "product_id": "openjpeg2-0:2.4.0-4.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-tools-0:2.4.0-4.el8.aarch64",
                "product": {
                  "name": "openjpeg2-tools-0:2.4.0-4.el8.aarch64",
                  "product_id": "openjpeg2-tools-0:2.4.0-4.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-tools@2.4.0-4.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
                "product": {
                  "name": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
                  "product_id": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-debugsource@2.4.0-4.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
                "product": {
                  "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
                  "product_id": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-debuginfo@2.4.0-4.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
                "product": {
                  "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
                  "product_id": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-tools-debuginfo@2.4.0-4.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-0:2.4.0-4.el8.aarch64",
                "product": {
                  "name": "openjpeg2-devel-0:2.4.0-4.el8.aarch64",
                  "product_id": "openjpeg2-devel-0:2.4.0-4.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-devel@2.4.0-4.el8?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openjpeg2-0:2.4.0-4.el8.ppc64le",
                "product": {
                  "name": "openjpeg2-0:2.4.0-4.el8.ppc64le",
                  "product_id": "openjpeg2-0:2.4.0-4.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
                "product": {
                  "name": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
                  "product_id": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-tools@2.4.0-4.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
                "product": {
                  "name": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
                  "product_id": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-debugsource@2.4.0-4.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
                "product": {
                  "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
                  "product_id": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-debuginfo@2.4.0-4.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
                "product": {
                  "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
                  "product_id": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-tools-debuginfo@2.4.0-4.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
                "product": {
                  "name": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
                  "product_id": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-devel@2.4.0-4.el8?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openjpeg2-0:2.4.0-4.el8.i686",
                "product": {
                  "name": "openjpeg2-0:2.4.0-4.el8.i686",
                  "product_id": "openjpeg2-0:2.4.0-4.el8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-debugsource-0:2.4.0-4.el8.i686",
                "product": {
                  "name": "openjpeg2-debugsource-0:2.4.0-4.el8.i686",
                  "product_id": "openjpeg2-debugsource-0:2.4.0-4.el8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-debugsource@2.4.0-4.el8?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
                "product": {
                  "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
                  "product_id": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-debuginfo@2.4.0-4.el8?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
                "product": {
                  "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
                  "product_id": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-tools-debuginfo@2.4.0-4.el8?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-0:2.4.0-4.el8.i686",
                "product": {
                  "name": "openjpeg2-devel-0:2.4.0-4.el8.i686",
                  "product_id": "openjpeg2-devel-0:2.4.0-4.el8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-devel@2.4.0-4.el8?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-tools-0:2.4.0-4.el8.i686",
                "product": {
                  "name": "openjpeg2-tools-0:2.4.0-4.el8.i686",
                  "product_id": "openjpeg2-tools-0:2.4.0-4.el8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-tools@2.4.0-4.el8?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openjpeg2-0:2.4.0-4.el8.x86_64",
                "product": {
                  "name": "openjpeg2-0:2.4.0-4.el8.x86_64",
                  "product_id": "openjpeg2-0:2.4.0-4.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-tools-0:2.4.0-4.el8.x86_64",
                "product": {
                  "name": "openjpeg2-tools-0:2.4.0-4.el8.x86_64",
                  "product_id": "openjpeg2-tools-0:2.4.0-4.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-tools@2.4.0-4.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
                "product": {
                  "name": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
                  "product_id": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-debugsource@2.4.0-4.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
                "product": {
                  "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
                  "product_id": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-debuginfo@2.4.0-4.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
                "product": {
                  "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
                  "product_id": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-tools-debuginfo@2.4.0-4.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-0:2.4.0-4.el8.x86_64",
                "product": {
                  "name": "openjpeg2-devel-0:2.4.0-4.el8.x86_64",
                  "product_id": "openjpeg2-devel-0:2.4.0-4.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-devel@2.4.0-4.el8?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openjpeg2-0:2.4.0-4.el8.s390x",
                "product": {
                  "name": "openjpeg2-0:2.4.0-4.el8.s390x",
                  "product_id": "openjpeg2-0:2.4.0-4.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2@2.4.0-4.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-tools-0:2.4.0-4.el8.s390x",
                "product": {
                  "name": "openjpeg2-tools-0:2.4.0-4.el8.s390x",
                  "product_id": "openjpeg2-tools-0:2.4.0-4.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-tools@2.4.0-4.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
                "product": {
                  "name": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
                  "product_id": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-debugsource@2.4.0-4.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
                "product": {
                  "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
                  "product_id": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-debuginfo@2.4.0-4.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
                "product": {
                  "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
                  "product_id": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-tools-debuginfo@2.4.0-4.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openjpeg2-devel-0:2.4.0-4.el8.s390x",
                "product": {
                  "name": "openjpeg2-devel-0:2.4.0-4.el8.s390x",
                  "product_id": "openjpeg2-devel-0:2.4.0-4.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-devel@2.4.0-4.el8?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
                "product": {
                  "name": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
                  "product_id": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openjpeg2-devel-docs@2.4.0-4.el8?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.src",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debugsource-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-devel-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-devel-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-devel-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-devel-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch"
        },
        "product_reference": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-tools-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-tools-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-tools-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-tools-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "AppStream-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.src",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debugsource-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-devel-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-devel-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-devel-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-devel-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch"
        },
        "product_reference": "openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-tools-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-tools-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-tools-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-tools-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64"
        },
        "product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686"
        },
        "product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le"
        },
        "product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x"
        },
        "product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
          "product_id": "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        },
        "product_reference": "openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
        "relates_to_product_reference": "CRB-8.5.0.GA"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-5727",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2018-01-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1536552"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5727"
        },
        {
          "category": "external",
          "summary": "RHBZ#1536552",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536552"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5727",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5727"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5727",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5727"
        }
      ],
      "release_date": "2018-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c"
    },
    {
      "cve": "CVE-2018-5785",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2018-01-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1537758"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5785"
        },
        {
          "category": "external",
          "summary": "RHBZ#1537758",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537758"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5785"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5785",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5785"
        }
      ],
      "release_date": "2018-01-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c"
    },
    {
      "cve": "CVE-2018-20845",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "discovery_date": "2019-06-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1728505"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-20845"
        },
        {
          "category": "external",
          "summary": "RHBZ#1728505",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728505"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-20845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20845"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20845",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20845"
        }
      ],
      "release_date": "2019-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c"
    },
    {
      "cve": "CVE-2018-20847",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2019-06-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1728509"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of openjpeg as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code, due to an older version of the tool being shipped.\nThis issue did not affect the versions of openjpeg2 as shipped with Red Hat Enterprise Linux 7 as they already contain the patched code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-20847"
        },
        {
          "category": "external",
          "summary": "RHBZ#1728509",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728509"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-20847",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20847"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20847",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20847"
        }
      ],
      "release_date": "2019-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c"
    },
    {
      "cve": "CVE-2019-12973",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2019-07-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1732270"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-12973"
        },
        {
          "category": "external",
          "summary": "RHBZ#1732270",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732270"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12973",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12973"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12973",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12973"
        }
      ],
      "release_date": "2019-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c"
    },
    {
      "cve": "CVE-2020-15389",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2020-06-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852869"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-15389"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852869",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852869"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15389",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-15389"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15389",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15389"
        }
      ],
      "release_date": "2020-06-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zodf0055980"
          ],
          "organization": "SQLab NCTU Taiwan"
        }
      ],
      "cve": "CVE-2020-27814",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2020-11-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1901998"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27814"
        },
        {
          "category": "external",
          "summary": "RHBZ#1901998",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27814",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27814"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27814",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27814"
        },
        {
          "category": "external",
          "summary": "https://github.com/uclouvain/openjpeg/issues/1283",
          "url": "https://github.com/uclouvain/openjpeg/issues/1283"
        }
      ],
      "release_date": "2020-11-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zodf0055980"
          ],
          "organization": "SQLab NCTU Taiwan"
        }
      ],
      "cve": "CVE-2020-27823",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2020-11-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1905762"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenJPEG\u2019s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security has rated this flaw with Moderate severity because it affects the encoder functionality specifically when performing an image conversion and not general reading of image files.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27823"
        },
        {
          "category": "external",
          "summary": "RHBZ#1905762",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905762"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27823",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27823"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27823",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27823"
        }
      ],
      "release_date": "2020-11-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated by not using openjpeg to convert untrusted image files.",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode()"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zodf0055980"
          ],
          "organization": "SQLab NCTU Taiwan"
        }
      ],
      "cve": "CVE-2020-27824",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-11-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1905723"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenJPEG\u2019s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27824"
        },
        {
          "category": "external",
          "summary": "RHBZ#1905723",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905723"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27824",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27824"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27824",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27824"
        }
      ],
      "release_date": "2020-11-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes()"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zodf0055980"
          ],
          "organization": "SQLab NCTU Taiwan"
        }
      ],
      "cve": "CVE-2020-27842",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1907513"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenJPEG\u2019s t2 encoder. This flaw allows an attacker who can provide crafted input to be processed by OpenJPEG to cause a NULL pointer dereference issue. The highest threat to this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27842"
        },
        {
          "category": "external",
          "summary": "RHBZ#1907513",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907513"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27842"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27842",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27842"
        }
      ],
      "release_date": "2020-12-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zodf0055980"
          ],
          "organization": "SQLab NCTU Taiwan"
        }
      ],
      "cve": "CVE-2020-27843",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1907516"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27843"
        },
        {
          "category": "external",
          "summary": "RHBZ#1907516",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907516"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27843"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27843",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27843"
        }
      ],
      "release_date": "2020-12-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zodf0055980"
          ],
          "organization": "SQLab NCTU Taiwan"
        }
      ],
      "cve": "CVE-2020-27845",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1907523"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the src/lib/openjp2/pi.c function of OpenJPEG. This flaw allows an attacker who can provide untrusted input to OpenJPEG\u2019s conversion/encoding functionality to cause an out-of-bounds read. The highest impact from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27845"
        },
        {
          "category": "external",
          "summary": "RHBZ#1907523",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907523"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27845"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27845",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27845"
        }
      ],
      "release_date": "2020-12-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c"
    },
    {
      "cve": "CVE-2021-3575",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2021-05-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1957616"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3575"
        },
        {
          "category": "external",
          "summary": "RHBZ#1957616",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3575",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3575"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3575",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3575"
        }
      ],
      "release_date": "2021-05-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution"
    },
    {
      "cve": "CVE-2021-29338",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2021-04-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1950101"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There is a flaw in the opj2_compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2_compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The greatest threat posed by this flaw is to confidentiality, integrity, and availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw affects the opj2_compress utility but is not in the openjpeg2 library. Therefore, the attack vector is local to the opj2_compress utility and would require an attacker to convince a user to open a directory with an extremely large number of files using opj2_compress, or a script to be feeding such arbitrary, untrusted files to opj2_compress.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
          "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
          "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-29338"
        },
        {
          "category": "external",
          "summary": "RHBZ#1950101",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950101"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29338"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29338",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29338"
        }
      ],
      "release_date": "2021-03-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-09T17:42:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4251"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "AppStream-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "AppStream-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.src",
            "CRB-8.5.0.GA:openjpeg2-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debuginfo-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-debugsource-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-devel-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-devel-docs-0:2.4.0-4.el8.noarch",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-0:2.4.0-4.el8.x86_64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.aarch64",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.i686",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.ppc64le",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.s390x",
            "CRB-8.5.0.GA:openjpeg2-tools-debuginfo-0:2.4.0-4.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2020-27814

Vulnerability from cvelistv5

gsd-2020-27814

Vulnerability from gsd

ghsa-2rjp-9cc6-3v2j

Vulnerability from github

wid-sec-w-2022-1880

Vulnerability from csaf_certbund

rhsa-2021_4251

Vulnerability from csaf_redhat

Tags

Sightings

Nomenclature