CVE-2020-27841

Опубликовано: 01 дек. 2020

Источник: redhat

CVSS3: 5.5

Описание

There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.

A flaw was found in OpenJPEG in src/lib/openjp2/pi.c. This flaw allows an attacker who can provide crafted input to be processed by the OpenJPEG encoder to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

Отчет

This issue does not affect openjpeg2 as shipped with Red Hat Enterprise Linux 8 because the affected functionality was introduced in the current master but is absent from the shipped release.

Меры по смягчению последствий

This flaw could be mitigated if OpenJPEG is not used for converting or encoding images, or untrusted input is not provided for these functions.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	openjpeg	Out of support scope
Red Hat Enterprise Linux 7	openjpeg	Out of support scope
Red Hat Enterprise Linux 7	openjpeg2	Out of support scope
Red Hat Enterprise Linux 8	openjpeg2	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1907510openjpeg: heap-based buffer overflows in lib/openjp2/pi.c

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-27841

CVSS3: 5.5

ubuntu

около 5 лет назад

CVE-2020-27841

CVSS3: 5.5

nvd

около 5 лет назад

CVE-2020-27841

CVSS3: 5.5

msrc

больше 1 года назад

Описание отсутствует

CVE-2020-27841

CVSS3: 5.5

debian

около 5 лет назад

There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openj ...

GHSA-7hw5-f79p-8gpg

CVSS3: 5.5

github

больше 3 лет назад

5.5 Medium

CVSS3