Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-27844

Опубликовано: 02 дек. 2020
Источник: redhat
CVSS3: 7.8

Описание

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

A flaw was found in openjpeg's src/lib/openjp2/t2.c. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Меры по смягчению последствий

This flaw can be mitigated by not converting or encoding untrusted input data using openjpeg. For example, just reading a file with openjpeg does not trigger the flaw. Additionally, the fortify protection limits the degree of exploitation that the flaw could be used to achieve.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6openjpegOut of support scope
Red Hat Enterprise Linux 7openjpegOut of support scope
Red Hat Enterprise Linux 7openjpeg2Out of support scope
Red Hat Enterprise Linux 8openjpeg2Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20->CWE-122->CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1907521openjpeg: heap-based buffer overflow in opj_t2_encode_packet function in openjp2/t2.c

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-27844

CVSS3: 7.8
ubuntu
около 5 лет назад

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

nvd логотип

CVE-2020-27844

CVSS3: 7.8
nvd
около 5 лет назад

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

msrc логотип

CVE-2020-27844

msrc
почти 5 лет назад

Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG

debian логотип

CVE-2020-27844

CVSS3: 7.8
debian
около 5 лет назад

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior ...

github логотип

GHSA-p652-vj2w-8mcw

CVSS3: 7.8
github
больше 3 лет назад

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

7.8 High

CVSS3