CVE-2020-27814

Severity: 7.8 HIGH
EPSS: 0.2% (top 56.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 26; Latest update Mar 15

Description

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

Debian: openjpeg2 < 2.4.0-1 +3
NVD: uclouvain/openjpeg 2.0.0 2.4.0 +1
CVEListV5: openjpeg before openjpeg 2.4.0

Also affects: Debian Linux 10.0, 9.0

Patches

Vulnerability Details (4)

OSV: openjpeg2 vulnerabilities (2023-03-15)
GHSA: GHSA-2rjp-9cc6-3v2j: A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files (2022-05-24)
OSV: CVE-2020-27814: A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files (2021-01-26)
CVEList: CVE-2020-27814: A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files (2021-01-25)

Vendor Advisories (7)

Ubuntu: OpenJPEG vulnerabilities (2023-03-15)
Ubuntu: OpenJPEG vulnerabilities (2021-03-16)
Microsoft: A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the p (2021-01-12)
Ubuntu: Ghostscript vulnerabilities (2021-01-07)
Ubuntu: OpenJPEG vulnerabilities (2021-01-07)
CVE-2020-27814 (HIGH CVSS 7.8) | A heap-buffer overflow was found in | cvebase.io