Vulnerability Details CVE-2020-27828
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905201
- https://github.com/jasper-software/jasper/issues/252
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COBEVDBUO3QTNR6YQBBTIQKNIB6W3MJ2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBZZ2SNTQ4BSA6PNJCTOAKXIAXYNNF6V/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
- https://bugzilla.redhat.com/show_bug.cgi?id=1905201
- https://github.com/jasper-software/jasper/issues/252
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COBEVDBUO3QTNR6YQBBTIQKNIB6W3MJ2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBZZ2SNTQ4BSA6PNJCTOAKXIAXYNNF6V/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
Products affected by CVE-2020-27828
-
cpe:2.3:a:jasper_project:jasper:-
-
cpe:2.3:a:jasper_project:jasper:1.900.1
-
cpe:2.3:a:jasper_project:jasper:1.900.10
-
cpe:2.3:a:jasper_project:jasper:1.900.11
-
cpe:2.3:a:jasper_project:jasper:1.900.12
-
cpe:2.3:a:jasper_project:jasper:1.900.13
-
cpe:2.3:a:jasper_project:jasper:1.900.14
-
cpe:2.3:a:jasper_project:jasper:1.900.15
-
cpe:2.3:a:jasper_project:jasper:1.900.16
-
cpe:2.3:a:jasper_project:jasper:1.900.17
-
cpe:2.3:a:jasper_project:jasper:1.900.18
-
cpe:2.3:a:jasper_project:jasper:1.900.19
-
cpe:2.3:a:jasper_project:jasper:1.900.2
-
cpe:2.3:a:jasper_project:jasper:1.900.20
-
cpe:2.3:a:jasper_project:jasper:1.900.21
-
cpe:2.3:a:jasper_project:jasper:1.900.22
-
cpe:2.3:a:jasper_project:jasper:1.900.23
-
cpe:2.3:a:jasper_project:jasper:1.900.24
-
cpe:2.3:a:jasper_project:jasper:1.900.25
-
cpe:2.3:a:jasper_project:jasper:1.900.26
-
cpe:2.3:a:jasper_project:jasper:1.900.27
-
cpe:2.3:a:jasper_project:jasper:1.900.28
-
cpe:2.3:a:jasper_project:jasper:1.900.29
-
cpe:2.3:a:jasper_project:jasper:1.900.3
-
cpe:2.3:a:jasper_project:jasper:1.900.30
-
cpe:2.3:a:jasper_project:jasper:1.900.31
-
cpe:2.3:a:jasper_project:jasper:1.900.4
-
cpe:2.3:a:jasper_project:jasper:1.900.5
-
cpe:2.3:a:jasper_project:jasper:1.900.6
-
cpe:2.3:a:jasper_project:jasper:1.900.7
-
cpe:2.3:a:jasper_project:jasper:1.900.8
-
cpe:2.3:a:jasper_project:jasper:1.900.9
-
cpe:2.3:a:jasper_project:jasper:2.0.0
-
cpe:2.3:a:jasper_project:jasper:2.0.1
-
cpe:2.3:a:jasper_project:jasper:2.0.10
-
cpe:2.3:a:jasper_project:jasper:2.0.11
-
cpe:2.3:a:jasper_project:jasper:2.0.12
-
cpe:2.3:a:jasper_project:jasper:2.0.13
-
cpe:2.3:a:jasper_project:jasper:2.0.14
-
cpe:2.3:a:jasper_project:jasper:2.0.15
-
cpe:2.3:a:jasper_project:jasper:2.0.16
-
cpe:2.3:a:jasper_project:jasper:2.0.17
-
cpe:2.3:a:jasper_project:jasper:2.0.19
-
cpe:2.3:a:jasper_project:jasper:2.0.2
-
cpe:2.3:a:jasper_project:jasper:2.0.20
-
cpe:2.3:a:jasper_project:jasper:2.0.21
-
cpe:2.3:a:jasper_project:jasper:2.0.22
-
cpe:2.3:a:jasper_project:jasper:2.0.3
-
cpe:2.3:a:jasper_project:jasper:2.0.4
-
cpe:2.3:a:jasper_project:jasper:2.0.5
-
cpe:2.3:a:jasper_project:jasper:2.0.6
-
cpe:2.3:a:jasper_project:jasper:2.0.7
-
cpe:2.3:a:jasper_project:jasper:2.0.8
-
cpe:2.3:a:jasper_project:jasper:2.0.9
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:fedoraproject:fedora:33