openjpeg: Multiple vulnerabilities (CVE-2020-27814, CVE-2020-27823, CVE-2020-27824)
CVE-2020-27814: Heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS
A heap-buffer overwrites error was discovered in lib/openjp2/mqc.c in OpenJPEG 2.3.1. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2020-27823: Heap-buffer-overflow write in lib-openjp2
In openjpeg v2.3.1 and prior, there's a heap buffer overflow in opj_tcd_dc_level_shift_encode() causing an out-of-bounds WRITE when crafted input is processed by the encoder and -d option is used.
CVE-2020-27824: global-buffer-overflow read in lib-openjp2
In openjpeg v2.3.1 and prior, if too many decomposition levels are supplied to the encoder, it could cause a global buffer overflow to out-of-bounds read in the opj_dwt_calc_explicit_stepsizes() function.