CVE-2020-27844

HIGH

openjpeg < 2.4.0 - Out-of-Bounds Write via Crafted Input

Title source: llm
STIX 2.1

Description

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References (5)

Core 5
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1907521
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202101-29
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com//security-alerts/cpujul2021.html

Scores

CVSS v3 7.8
EPSS 0.0133
EPSS Percentile 67.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (3)
debian/debian_linux 9.0
oracle/outside_in_technology 8.5.5
uclouvain/openjpeg < 2.4.0
Published Jan 05, 2021
Tracked Since Feb 18, 2026