Out-of-Bounds Read Vulnerability in OpenJPEG Prior to Version 2.4.0
CVE-2020-27845

5.5MEDIUM

Key Information:

Vendor: Uclouvain
Status: Openjpeg
Vendor: CVE Published:; 5 January 2021

🔔 Create Uclouvain Vulnerability Alert

What is CVE-2020-27845?

A security flaw in OpenJPEG's conversion and encoding functions allows an attacker to provide untrusted input, resulting in an out-of-bounds read. This flaw poses risks to the application's availability, potentially leading to service disruptions. It is crucial to update to OpenJPEG version 2.4.0 or later to mitigate such threats.

Affected Version(s)

openjpeg openjpeg 2.4.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=1907523

x_refsource_MISC

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://security.gentoo.org/glsa/202101-29

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 5, 2021
Vulnerability Reserved
Oct 27, 2020

CVE-2020-27845 Data

.