CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

02 Jun 2021, 17:01

Type Values Removed Values Added
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1905762 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1905762 - Issue Tracking, Patch, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-4882 - (DEBIAN) https://www.debian.org/security/2021/dsa-4882 - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/ - Mailing List, Third Party Advisory
CWE CWE-120
CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 7.8
CPE cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

13 May 2021, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-13 15:15

Updated : 2021-06-02 17:01


NVD link : CVE-2020-27823

Mitre link : CVE-2020-27823


JSON object : View

Products Affected

uclouvain

  • openjpeg

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-787

Out-of-bounds Write

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')