CVE-2020-27841
05.01.2021, 18:15
There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.Enginsight
| Vendor | Product | Version |
|---|---|---|
| uclouvain | openjpeg | 𝑥 < 2.4.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| oracle | outside_in_technology | 8.5.5 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| blender |
| ||||||||||||||||||||||||
| ghostscript |
| ||||||||||||||||||||||||
| insighttoolkit4 |
| ||||||||||||||||||||||||
| openjpeg |
| ||||||||||||||||||||||||
| openjpeg2 |
| ||||||||||||||||||||||||
| qtwebengine-opensource-src |
| ||||||||||||||||||||||||
| texmaker |
|
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References