CVE-2020-27824: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to…

medium5.5CVSS 3.1

AVLACLPRNUIRSUCNINAH

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.

Affected

18 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	openjpeg2	< openjpeg2 2.4.0-1 (bookworm)	openjpeg2 2.4.0-1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
msrc	azl3_openjpeg2_2.3.1-12_on_azure_linux_3.0	—	—
msrc	azure_linux_3.0_arm	—	—
msrc	azure_linux_3.0_x64	—	—
redhat	enterprise_linux	—	—
the_openjpeg_project	openjpeg2	>= 0 < 2.4.0-1	2.4.0-1
the_openjpeg_project	openjpeg2	>= 0 < 2.4.0-1	2.4.0-1
the_openjpeg_project	openjpeg2	>= 0 < 2.4.0-1	2.4.0-1
the_openjpeg_project	openjpeg2	>= 0 < 2.4.0-1	2.4.0-1
the_openjpeg_project	openjpeg2	>= 0 < 2.3.0-2+deb10u2build0.18.04.1	2.3.0-2+deb10u2build0.18.04.1
the_openjpeg_project	openjpeg2	>= 0 < 2.1.2-1.1+deb9u6ubuntu0.1~esm3	2.1.2-1.1+deb9u6ubuntu0.1~esm3
uclouvain	openjpeg	< 2.4.0	2.4.0
uclouvain	openjpeg	—	—
uclouvain	openjpeg	>= 0 < 1:1.5.2-3.1ubuntu0.1~esm2	1:1.5.2-3.1ubuntu0.1~esm2

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

osv6.5MEDIUM