CVE-2020-27824

Affecting openjpeg2 package, versions <2.1.2-1.1+deb9u6

low severity

NVD Description

Note: Versions mentioned in the description apply to the upstream openjpeg2 package. See Remediation section below for Debian:9 relevant versions.

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.

Remediation

Upgrade Debian:9 openjpeg2 to version 2.1.2-1.1+deb9u6 or higher.

CVE: CVE-2020-27824
Snyk ID: SNYK-DEBIAN9-OPENJPEG2-1050135
Disclosed: 13 May, 2021
Published: 10 Dec, 2020