Vulnerability Name: | CVE-2020-27843 (CCN-194427) | ||||||||||||||||||
Assigned: | 2020-12-02 | ||||||||||||||||||
Published: | 2020-12-02 | ||||||||||||||||||
Updated: | 2022-06-16 | ||||||||||||||||||
Summary: | A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. | ||||||||||||||||||
CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) 4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
4.9 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
| ||||||||||||||||||
CVSS v2 Severity: | 7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
| ||||||||||||||||||
Vulnerability Type: | CWE-125 CWE-125 | ||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-27843 Source: CCN Type: Red Hat Bugzilla Bug 1907516 (CVE-2020-27843) - CVE-2020-27843 openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c Source: MISC Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1907516 Source: XF Type: UNKNOWN openjpeg-cve202027843-dos(194427) Source: CCN Type: openjpeg GIT Repository Encoder: error with small precincts, origin shift [was Out-of-bounds Read in t2.c:819] #1297 Source: MLIST Type: Mailing List, Third Party Advisory [debian-lts-announce] 20220410 [SECURITY] [DLA 2975-1] openjpeg2 security update Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2020-d32853a28d Source: GENTOO Type: Third Party Advisory GLSA-202101-29 Source: DEBIAN Type: Third Party Advisory DSA-4882 Source: N/A Type: Patch, Third Party Advisory N/A Source: MISC Type: Patch, Third Party Advisory https://www.oracle.com/security-alerts/cpuApr2021.html | ||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration CCN 1: ![]() | ||||||||||||||||||
Oval Definitions | |||||||||||||||||||
| |||||||||||||||||||
BACK |