A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1901998 | Issue Tracking Patch Third Party Advisory |
https://github.com/uclouvain/openjpeg/issues/1283 | Exploit Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202101-29 | Third Party Advisory |
https://www.debian.org/security/2021/dsa-4882 | Third Party Advisory |
https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory |
Configurations
History
07 Oct 2022, 02:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References |
|
|
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4882 - Third Party Advisory |
02 Apr 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Feb 2021, 19:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html - Mailing List, Third Party Advisory |
09 Feb 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Feb 2021, 17:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1901998 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://github.com/uclouvain/openjpeg/issues/1283 - Exploit, Issue Tracking, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202101-29 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
26 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-26 18:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-27814
Mitre link : CVE-2020-27814
CVE.ORG link : CVE-2020-27814
JSON object : View
Products Affected
debian
- debian_linux
uclouvain
- openjpeg
CWE
CWE-122
Heap-based Buffer Overflow