Out-of-bounds Read Vulnerability in OpenJPEG Encoder by OpenJPEG
CVE-2020-27841

5.5MEDIUM

Key Information:

Vendor

Uclouvain

Status
Openjpeg
Vendor
CVE Published:
5 January 2021

What is CVE-2020-27841?

A vulnerability exists in the OpenJPEG encoder found in versions prior to 2.4.0 that allows an attacker to exploit crafted input, resulting in out-of-bounds reads. This flaw affects application availability, posing a risk to any software relying on OpenJPEG for processing image data. Mitigation measures are crucial to prevent potential disruptions from this security issue.

Affected Version(s)

openjpeg openjpeg 2.4.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=1907510
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://security.gentoo.org/glsa/202101-29
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.