CVE-2020-27823

high

Description

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.

References

https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html

https://bugzilla.redhat.com/show_bug.cgi?id=1905762

https://lists.fedoraproject.org/archives/list/[email protected]/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/

https://lists.fedoraproject.org/archives/list/[email protected]/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/

https://www.debian.org/security/2021/dsa-4882

Details

Source: MITRE

Published: 2021-05-13

Updated: 2021-06-02

Type: CWE-787

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH