CVE-2020-27823
N/A
N/A
Summary
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | openjpeg | openjpeg 2.4.0 | affected |
Weaknesses
- CWE-20: CWE-20->CWE-120->CWE-787
ADP Enrichment
CVE Program Container
Additional References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/
- https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
- https://www.debian.org/security/2021/dsa-4882
- https://bugzilla.redhat.com/show_bug.cgi?id=1905762
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/
- https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
- https://www.debian.org/security/2021/dsa-4882
- https://bugzilla.redhat.com/show_bug.cgi?id=1905762
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.