Out-of-Bounds Write Vulnerability in OpenJPEG Prior to Version 2.4.0
CVE-2020-27844

7.8 HIGH

Key Information:

Vendor: Uclouvain

Status
Vendor
CVE Published: 5 January 2021

What is CVE-2020-27844?

A flaw in OpenJPEG's src/lib/openjp2/t2.c allows an attacker to supply crafted input to the conversion and encoding functionality and cause an out-of-bounds write. This can severely impact the confidentiality, integrity, and availability of affected systems, compromising critical data and functionality.

Affected Version(s)

openjpeg openjpeg 2.4.0

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved