Buffer Overflow Vulnerability in OpenJPEG Encoder Affecting Multiple Vendors
CVE-2020-27824

5.5MEDIUM

Key Information:

Vendor

Uclouvain

Status
Openjpeg
Vendor
CVE Published:
13 May 2021

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2020-27824?

A vulnerability exists in the OpenJPEG encoder's opj_dwt_calc_explicit_stepsizes() function, which allows attackers to exploit crafted input data. This can lead to a buffer overflow, potentially compromising system availability and enabling attackers to impact the performance and stability of the affected applications.

Affected Version(s)

openjpeg openjpeg 2.4.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

openjpeg-2.3.0_CVE-2020-27824
Created by pazhanivel07

References

https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2021/02/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.