OpenJPEG Encoder Vulnerability Exposing Multiple System Risks
CVE-2020-27823

7.8 HIGH

Key Information:

Vendor: Uclouvain

Status
Vendor
CVE Published: 13 May 2021

What is CVE-2020-27823?

A significant flaw exists in the OpenJPEG encoder that can be triggered during the encoding process by specially crafted x,y offset input. The vulnerability poses a risk to the confidentiality and integrity of system data, and can also affect the availability of services that rely on OpenJPEG. Attackers may exploit this flaw to disrupt normal operations and extract sensitive information from affected systems.

Affected Version(s)

openjpeg openjpeg 2.4.0

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
