CVE-2020-27823

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenJPEG (affected versions not specified)

Description The issue is related to a buffer data boundary operation overflow in the OpenJPEG library, which is used for image encoding and decoding. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The flaw in OpenJPEG's encoder enables an attacker to pass specially crafted x,y offset input during encoding, posing a threat to confidentiality, integrity, and system availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Buffer Overflow

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-120CWE-20

Related Identifiers

ALSA-2021:4251

ALT-PU-2020-3564

AZL-44814

BDU:2021-03506

CESA-2021_4251

CVE-2020-27823

DLA-2550-1

DSA-4882-1

MGASA-2020-0464

OESA-2021-1234

OPENSUSE-SU-2022_1252-1

OPENSUSE-SU-2022_1296-1

OPENSUSE-SU-2024:13571-1

RHSA-2021:4251

RHSA-2021_4251

RLSA-2021:4251

SUSE-SU-2022:1129-1

SUSE-SU-2022:1252-1

SUSE-SU-2022:1296-1

USN-4685-1

USN-4880-1

USN-5952-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Openjpeg

Red Hat

Rocky Linux

Suse

Ubuntu

CVE-2020-27823

Weakness Enumeration

Related Identifiers

Affected Products

References · 125