openjpeg: Multiple vulnerabilities (CVE-2020-6851, CVE-2020-8112)
CVE-2020-6851: Heap-based buffer overflow.
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so.
References:
Patch:
https://github.com/uclouvain/openjpeg/commit/46c1eff9e98bbcf794d042f7b2e3d45556e805ce
CVE-2020-8112: Heap-based buffer overflow in the qmfbid.
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
References:
Patch:
https://github.com/uclouvain/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074