Out-of-bounds Write in openjpeg2

Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write. There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.

Remediation

There is no fixed version for openjpeg2.

References

ADVISORY
FEDORA
GENTOO
MISC
MLIST

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2020-27841
CWE: CWE-122 CWE-787
Snyk ID: SNYK-DEBIAN10-OPENJPEG2-1051988
Disclosed: 05 Jan, 2021
Published: 16 Dec, 2020

Out-of-bounds Write
Affecting openjpeg2 package, versions *

Overview

Remediation

References

CVSS Score

Out-of-bounds Write Affecting openjpeg2 package, versions *

Overview

Remediation

References

Out-of-bounds Write
Affecting openjpeg2 package, versions *