CVE-2020-27845
05.01.2021, 18:15
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| uclouvain | openjpeg | 𝑥 < 2.4.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| oracle | outside_in_technology | 8.5.5 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| blender |
| ||||||||||||||||||||||||
| ghostscript |
| ||||||||||||||||||||||||
| insighttoolkit4 |
| ||||||||||||||||||||||||
| openjpeg |
| ||||||||||||||||||||||||
| openjpeg2 |
| ||||||||||||||||||||||||
| qtwebengine-opensource-src |
| ||||||||||||||||||||||||
| texmaker |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libopenjp2-7 |
| ||||||||||||||||||||||||||||||||||||
| libopenjp2-7-32bit |
| ||||||||||||||||||||||||||||||||||||
| libopenjpeg1 |
| ||||||||||||||||||||||||||||||||||||
| libopenjpeg1-32bit |
| ||||||||||||||||||||||||||||||||||||
| openjpeg-devel |
| ||||||||||||||||||||||||||||||||||||
| openjpeg2 |
| ||||||||||||||||||||||||||||||||||||
| openjpeg2-devel |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
References