CVE-2020-27823

Published: 5/13/2021 Last updated: 8/4/2024 Reserved: 10/27/2020

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (1)

grib

Products affected (1)

Product	Vendor	Version
openjpeg	n/a	all version prior to Version 1.00.06

References (10)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/
https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
https://www.debian.org/security/2021/dsa-4882
https://bugzilla.redhat.com/show_bug.cgi?id=1905762
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/
https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
https://www.debian.org/security/2021/dsa-4882
https://bugzilla.redhat.com/show_bug.cgi?id=1905762