PT-2020-16806 · Jasper+7 · Jasper+7

Zodf0055980

Published

2020-12-11

Updated

2024-06-15

CVE-2020-27828

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions jasper versions prior to 2.0.23

Description The issue is related to a flaw in jasper's jpc encoder. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write, potentially affecting data confidentiality, integrity, or application availability.

Recommendations For versions prior to 2.0.23, update to version 2.0.23 or later to resolve the issue. As a temporary workaround, consider restricting the input to the jpc encoder to prevent crafted input from causing an arbitrary out-of-bounds write.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2021:4235

ALT-PU-2021-1114

CESA-2021_4235

CVE-2020-27828

MGASA-2020-0463

OPENSUSE-SU-2021:0303-1

OPENSUSE-SU-2021_0303-1

OPENSUSE-SU-2024:10869-1

RHSA-2021:4235

RHSA-2021_4235

RLSA-2021:4235

SUSE-SU-2021:0488-1

SUSE-SU-2021:0489-1

SUSE-SU-2021:14627-1

SUSE-SU-2021_0488-1

SUSE-SU-2021_0489-1

SUSE-SU-2021_14627-1

USN-4688-1

Affected Products

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Suse

Ubuntu

Jasper

PT-2020-16806 · Jasper+7 · Jasper+7

CVE-2020-27828

Weakness Enumeration

Related Identifiers

Affected Products

References · 92