CVE-2020-27842
published 2021-01-05CVE-2020-27842: There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openjpeg2 | < openjpeg2 2.4.0-1 (bookworm) | openjpeg2 2.4.0-1 (bookworm) |
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | azl3_openjpeg2_2.3.1-12_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| oracle | outside_in_technology | — | — |
| redhat | codeready_linux_builder | — | — |
| redhat | codeready_linux_builder_for_ibm_z_systems | — | — |
| redhat | codeready_linux_builder_for_power_little_endian | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_for_ibm_z_systems | — | — |
| redhat | enterprise_linux_for_power_little_endian | — | — |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.4.0-1 | 2.4.0-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.4.0-1 | 2.4.0-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.4.0-1 | 2.4.0-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.4.0-1 | 2.4.0-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.3.0-2+deb10u2build0.18.04.1 | 2.3.0-2+deb10u2build0.18.04.1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.1.2-1.1+deb9u6ubuntu0.1~esm3 | 2.1.2-1.1+deb9u6ubuntu0.1~esm3 |
| uclouvain | openjpeg | < 2.4.0 | 2.4.0 |
| uclouvain | openjpeg | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM