null pointer dereference vulnerability in openjpeg product by vendor
CVE-2020-27842

5.5MEDIUM

Key Information:

Vendor

Uclouvain

Status
Openjpeg
Vendor
CVE Published:
5 January 2021

What is CVE-2020-27842?

A vulnerability exists in openjpeg's t2 encoder that affects versions before 2.4.0. An attacker can exploit this flaw by providing specially crafted inputs, leading to a null pointer dereference. This vulnerability primarily impacts the availability of the application, making it crucial for users to update their software to the latest version to mitigate the risk.

Affected Version(s)

openjpeg openjpeg 2.4.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=1907513
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://security.gentoo.org/glsa/202101-29
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.