CVE-2020-27844
HIGHopenjpeg < 2.4.0 - Out-of-Bounds Write via Crafted Input
Title source: llmDescription
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References (5)
Core 5
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1907521
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202101-29
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com//security-alerts/cpujul2021.html
Scores
CVSS v3
7.8
EPSS
0.0133
EPSS Percentile
67.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (3)
debian/debian_linux
9.0
oracle/outside_in_technology
8.5.5
uclouvain/openjpeg
< 2.4.0
Published
Jan 05, 2021
Tracked Since
Feb 18, 2026