Vulnerability Details CVE-2020-27814
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1901998
- https://github.com/uclouvain/openjpeg/issues/1283
- https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
- https://security.gentoo.org/glsa/202101-29
- https://www.debian.org/security/2021/dsa-4882
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1901998
- https://github.com/uclouvain/openjpeg/issues/1283
- https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
- https://security.gentoo.org/glsa/202101-29
- https://www.debian.org/security/2021/dsa-4882
- https://www.oracle.com//security-alerts/cpujul2021.html
Products affected by CVE-2020-27814
-
cpe:2.3:a:uclouvain:openjpeg:-
-
cpe:2.3:a:uclouvain:openjpeg:1.0
-
cpe:2.3:a:uclouvain:openjpeg:1.1
-
cpe:2.3:a:uclouvain:openjpeg:1.2
-
cpe:2.3:a:uclouvain:openjpeg:1.3
-
cpe:2.3:a:uclouvain:openjpeg:1.4
-
cpe:2.3:a:uclouvain:openjpeg:1.5
-
cpe:2.3:a:uclouvain:openjpeg:1.5.1
-
cpe:2.3:a:uclouvain:openjpeg:2.0.0
-
cpe:2.3:a:uclouvain:openjpeg:2.0.1
-
cpe:2.3:a:uclouvain:openjpeg:2.1
-
cpe:2.3:a:uclouvain:openjpeg:2.1.0
-
cpe:2.3:a:uclouvain:openjpeg:2.1.1
-
cpe:2.3:a:uclouvain:openjpeg:2.1.2
-
cpe:2.3:a:uclouvain:openjpeg:2.2.0
-
cpe:2.3:a:uclouvain:openjpeg:2.3.0
-
cpe:2.3:a:uclouvain:openjpeg:2.3.1
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:9.0