CVE-2020-27814: Buffer Overflow
First published: Thu Nov 26 2020(Updated: )
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/openjpeg | <2.4.0 | 2.4.0 |
| debian/openjpeg2 | 2.4.0-3 2.5.0-2 | |
| uclouvain openjpeg | <=1.5.1 | |
| uclouvain openjpeg | >=2.0.0<2.4.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1901998
- https://github.com/uclouvain/openjpeg/issues/1283
- https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
- https://security.gentoo.org/glsa/202101-29
- https://www.debian.org/security/2021/dsa-4882
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://launchpad.net/bugs/cve/CVE-2020-27814
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1902001
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1901999
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1902000
- https://github.com/uclouvain/openjpeg/commit/15cf3d95814dc931ca0ecb132f81cb152e051bae
- https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc
- https://access.redhat.com/security/cve/cve-2020-27814
- https://access.redhat.com/errata/RHSA-2021:4251
- https://github.com/uclouvain/openjpeg/commit/649298dcf84b2f20cfe458d887c1591db47372a6
- https://github.com/uclouvain/openjpeg/commit/4ce7d285a55d29b79880d0566d4b010fe1907aa9
- https://security-tracker.debian.org/tracker/CVE-2020-27814
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27814
- https://nvd.nist.gov/vuln/detail/CVE-2020-27814
- https://ubuntu.com/security/CVE-2020-27814
Frequently Asked Questions
What is CVE-2020-27814?
CVE-2020-27814 is a vulnerability in openjpeg2 that allows a heap-buffer overflow when handling certain PNG format files.
How does CVE-2020-27814 impact an application?
CVE-2020-27814 can cause an application crash or allow an attacker to execute arbitrary code with the user's permission.
What is the severity level of CVE-2020-27814?
The severity level of CVE-2020-27814 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2020-27814?
Openjpeg versions 1.5.1 to 2.4.0 are affected by CVE-2020-27814, as well as some Debian and Ubuntu Linux distributions.
How can I fix CVE-2020-27814?
To fix CVE-2020-27814, update to version 2.4.0 or later of openjpeg2 or apply the appropriate patches provided by your Linux distributor.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-27814
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- collector/security-tracker-debian
- source/Debian
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- package-manager/redhat
- package-manager/debian
- vendor/uclouvain
- canonical/uclouvain openjpeg
- version/uclouvain openjpeg/1.5.1
- version/uclouvain openjpeg/2.0.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0