CVE-2020-27814
Published: 30 November 2020
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
Priority
Medium
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
blender Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
ghostscript Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system openjpeg2)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system openjpeg2)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(9.26~dfsg+0-0ubuntu0.18.04.14)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(9.26~dfsg+0-0ubuntu0.16.04.14)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(code not present)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(code not present)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(code not present)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(code not present)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(code not present)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
openjpeg Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end of standard support, was needs-triage)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needs triage
|
|
|
openjpeg2 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Released
(2.3.1-1ubuntu5)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(2.3.1-1ubuntu4.20.04.1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needed
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(2.1.2-1.1+deb9u6build0.16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
Patches: Upstream: https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc Upstream: https://github.com/uclouvain/openjpeg/commit/15cf3d95814dc931ca0ecb132f81cb152e051bae Upstream: https://github.com/uclouvain/openjpeg/commit/649298dcf84b2f20cfe458d887c1591db47372a6 Upstream: https://github.com/uclouvain/openjpeg/commit/4ce7d285a55d29b79880d0566d4b010fe1907aa9 |
||
|
qtwebengine-opensource-src Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needed
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needed
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
texmaker Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
Notes
| Author | Note |
|---|---|
| mdeslaur | check bug to see if there are more commits before fixing |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27814
- https://ubuntu.com/security/notices/USN-4685-1
- https://ubuntu.com/security/notices/USN-4686-1
- https://ubuntu.com/security/notices/USN-4880-1
- NVD
- Launchpad
- Debian