A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1905762 | Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/ | |
https://www.debian.org/security/2021/dsa-4882 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
02 Jun 2021, 17:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
|
CWE | CWE-787 CWE-120 |
|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1905762 - Issue Tracking, Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4882 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/ - Mailing List, Third Party Advisory |
Information
Published : 2021-05-13 15:15
Updated : 2024-02-04 21:47
NVD link : CVE-2020-27823
Mitre link : CVE-2020-27823
CVE.ORG link : CVE-2020-27823
JSON object : View
Products Affected
uclouvain
- openjpeg
debian
- debian_linux
fedoraproject
- fedora