CVE-2020-27814
openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
Se encontró un desbordamiento del búfer en la manera en que openjpeg2 manejaba determinados archivos en formato PNG. Un atacante podría usar este fallo para causar el bloqueo de una aplicación o, en algunos casos, ejecutar código arbitrario con el permiso del usuario que ejecuta dicha aplicación
An update that fixes 8 vulnerabilities is now available. This update for openjpeg2 fixes the following issues. Fixed OOB read in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c. Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c. Fixed heap buffer overflow in lib/openjp2/mqc.c, Fixed OOB read in opj_dwt_calc_explicit_stepsizes. Fixed buffer over-read in lib/openjp2/pi.c. Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c. Fixed OOB read in opj_t2_encode_packet function in openjp2/t2.c. Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-27 CVE Reserved
- 2021-01-25 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-06-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html | Mailing List |
|
| https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/uclouvain/openjpeg/issues/1283 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1901998 | 2021-11-09 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202101-29 | 2022-10-07 | |
| https://www.debian.org/security/2021/dsa-4882 | 2022-10-07 | |
| https://access.redhat.com/security/cve/CVE-2020-27814 | 2021-11-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Uclouvain Search vendor "Uclouvain" | Openjpeg Search vendor "Uclouvain" for product "Openjpeg" | <= 1.5.1 Search vendor "Uclouvain" for product "Openjpeg" and version " <= 1.5.1" | - |
Affected
| ||||||
| Uclouvain Search vendor "Uclouvain" | Openjpeg Search vendor "Uclouvain" for product "Openjpeg" | >= 2.0.0 < 2.4.0 Search vendor "Uclouvain" for product "Openjpeg" and version " >= 2.0.0 < 2.4.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||