PT-2020-6193 · Openjpeg+5

Published: 2020-12-01 · Updated: 2023-03-15 · CVE-2020-27841

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

openjpeg versions prior to 2.4.0

Description

The issue is related to an out-of-bounds read in the src/lib/openjp2/pi.c component of the openjpeg library. This occurs when an attacker provides crafted input to be processed by the openjpeg encoder. The greatest impact from this flaw is to application availability, potentially allowing a remote attacker to cause a denial of service.

Recommendations

For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the input to the openjpeg encoder to prevent crafted data from being processed.

Fix

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3564
AZL-45006
BDU:2021-03507
CVE-2020-27841
DLA-2550-1
DSA-4882-1
MGASA-2020-0478
OESA-2021-1118
OPENSUSE-SU-2022_3802-1
OPENSUSE-SU-2024:13571-1
SUSE-SU-2022:3802-1
USN-4685-1
USN-4686-1
USN-4880-1
USN-5952-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Suse
Ubuntu
Openjpeg