CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:21

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/', 'name': 'FEDORA-2020-4cd57a6876', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/', 'name': 'FEDORA-2020-d32853a28d', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/ -

02 Jun 2021, 17:01

Type Values Removed Values Added
CWE CWE-120
CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 7.8
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1905762 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1905762 - Issue Tracking, Patch, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-4882 - (DEBIAN) https://www.debian.org/security/2021/dsa-4882 - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/ - Mailing List, Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

13 May 2021, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-13 15:15

Updated : 2023-12-10 13:55


NVD link : CVE-2020-27823

Mitre link : CVE-2020-27823

CVE.ORG link : CVE-2020-27823


JSON object : View

Products Affected

uclouvain

  • openjpeg

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-787

Out-of-bounds Write

CWE-20

Improper Input Validation