CVE-2020-27814

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

Published: Jan 26, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-27814
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-122

Affected Software
References

Software	From	Fixed in
uclouvain / openjpeg	-	1.5.1.x
uclouvain / openjpeg	2.0.0	2.4.0
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=1901998
https://github.com/uclouvain/openjpeg/issues/1283
https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
https://security.gentoo.org/glsa/202101-29
https://www.debian.org/security/2021/dsa-4882
https://www.oracle.com//security-alerts/cpujul2021.html

Vulnerability Database

289,697

CVE-2020-27814