What is the severity of CVE-2020-27823?

The severity of CVE-2020-27823 is high with a CVSS score of 7.8.

How does CVE-2020-27823 affect OpenJPEG's encoder?

CVE-2020-27823 allows an attacker to pass specially crafted x, y offset input to OpenJPEG's encoder, which can lead to confidentiality, integrity, and system availability issues.

Which versions of OpenJPEG's software are affected by CVE-2020-27823?

OpenJPEG versions 2.3.1-1ubuntu4.20.04.1, 2.3.1-1ubuntu4.20.10.1, 2.3.1-1ubuntu5, 2.3.0-2+, 2.4.0, and 2.1.2-1.1+ are affected by CVE-2020-27823.

How can I fix CVE-2020-27823?

Apply the recommended updates for OpenJPEG by following the instructions provided by your software vendor or project team.

Where can I find more information about CVE-2020-27823?

You can find more information about CVE-2020-27823 on the MITRE CVE database (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27823) and the Ubuntu Security Notices (USN-4685-1, USN-4880-1) websites.

Vulnerability/
CVE-2020-27823

high

7.8

CWE

120 787 20 119

9/12/2020

13/5/2021

21/11/2024

CVE-2020-27823: Input Validation

First published: Wed Dec 09 2020(Updated: )

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/openjpeg	<2.4.0	2.4.0
debian/openjpeg2		2.4.0-3 2.5.0-2
uclouvain openjpeg	<2.4.0
Fedoraproject Fedora	=32
Fedoraproject Fedora	=33
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=1905762

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-27823?
The severity of CVE-2020-27823 is high with a CVSS score of 7.8.
How does CVE-2020-27823 affect OpenJPEG's encoder?
CVE-2020-27823 allows an attacker to pass specially crafted x, y offset input to OpenJPEG's encoder, which can lead to confidentiality, integrity, and system availability issues.
Which versions of OpenJPEG's software are affected by CVE-2020-27823?
OpenJPEG versions 2.3.1-1ubuntu4.20.04.1, 2.3.1-1ubuntu4.20.10.1, 2.3.1-1ubuntu5, 2.3.0-2+, 2.4.0, and 2.1.2-1.1+ are affected by CVE-2020-27823.
How can I fix CVE-2020-27823?
Apply the recommended updates for OpenJPEG by following the instructions provided by your software vendor or project team.
Where can I find more information about CVE-2020-27823?
You can find more information about CVE-2020-27823 on the MITRE CVE database (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27823) and the Ubuntu Security Notices (USN-4685-1, USN-4880-1) websites.

agent/type
collector/launchpad-cve
source/Launchpad
agent/author
agent/weakness
agent/severity
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-27823
agent/software-canonical-lookup
collector/security-tracker-debian
source/Debian
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/last-modified-date
agent/trending
agent/source
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-index
package-manager/redhat
package-manager/debian
vendor/uclouvain
canonical/uclouvain openjpeg
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/32
version/fedoraproject fedora/33
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
version/debian debian linux/10.0