CVE-2020-27844
published 2021-01-05CVE-2020-27844: A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | openjpeg2 | — | — |
| chrome_chrome | — | — | |
| msrc | microsoft_edge | — | — |
| oracle | outside_in_technology | — | — |
| paloalto | pan-os | — | — |
| uclouvain | openjpeg | < 2.4.0 | 2.4.0 |
| uclouvain | openjpeg | — | — |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
| uclouvain | openjpeg | >= 0 < 2.4.0-r0 | 2.4.0-r0 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH