CVE-2020-27828

Summary

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

Affected Software

VendorProductVersion RangeStatus
n/ajasperprior to 2.0.23affected

Weaknesses

  • CWE-20: CWE-20->CWE-122->CWE-787

ADP Enrichment

CVE Program Container

Additional References

References