CVE-2020-27823

CWE-20 — Improper Input Validation CWE-120 — Classic Buffer Overflow CWE-787 — Out-of-bounds Write11 documents8 sources

Severity

7.8HIGH

EPSS

0.0%

top 86.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uclouvain Openjpeg Debian Debian Linux Fedoraproject Fedora

Timeline

PublishedMay 13

Latest updateMar 15

Description

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDuclouvain/openjpeg< 2.4.0

▶Debianopenjpeg2< 2.4.0-1+3

▶CVEListV5openjpegopenjpeg 2.4.0

Also affects: Debian Linux 10.0, 9.0, Fedora 32, 33

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

openjpeg2 vulnerabilities↗2023-03-15

▶

GHSA

GHSA-27x9-7vgq-h9f7: A flaw was found in OpenJPEG’s encoder↗2022-05-24

▶

CVEList

CVE-2020-27823: A flaw was found in OpenJPEG’s encoder↗2021-05-13

▶

OSV

CVE-2020-27823: A flaw was found in OpenJPEG’s encoder↗2021-05-13

▶

📋Vendor Advisories

Ubuntu

OpenJPEG vulnerabilities↗2023-03-15

▶

Microsoft

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted xy offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to conf↗2021-05-11

▶

Ubuntu

OpenJPEG vulnerabilities↗2021-03-16

▶

Ubuntu

OpenJPEG vulnerabilities↗2021-01-07

▶

Red Hat

openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode()↗2020-11-25

▶