CVE-2020-27814
Published: 30 November 2020
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
Notes
| Author | Note |
|---|---|
| mdeslaur | check bug to see if there are more commits before fixing |
Priority
Medium
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
blender Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Not vulnerable
|
|
| groovy |
Not vulnerable
|
|
| hirsute |
Not vulnerable
|
|
| impish |
Not vulnerable
|
|
| jammy |
Not vulnerable
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
ghostscript Launchpad, Ubuntu, Debian |
bionic |
Released
(9.26~dfsg+0-0ubuntu0.18.04.14)
|
| focal |
Not vulnerable
(uses system openjpeg2)
|
|
| groovy |
Not vulnerable
(uses system openjpeg2)
|
|
| hirsute |
Not vulnerable
(uses system openjpeg2)
|
|
| impish |
Not vulnerable
(uses system openjpeg2)
|
|
| jammy |
Not vulnerable
(uses system openjpeg2)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(9.26~dfsg+0-0ubuntu0.16.04.14)
|
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| groovy |
Not vulnerable
(code not present)
|
|
| hirsute |
Not vulnerable
(code not present)
|
|
| impish |
Not vulnerable
(code not present)
|
|
| jammy |
Not vulnerable
(code not present)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(code not present)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
openjpeg Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
|
openjpeg2 Launchpad, Ubuntu, Debian |
bionic |
Needed
|
| focal |
Released
(2.3.1-1ubuntu4.20.04.1)
|
|
| groovy |
Released
(2.3.1-1ubuntu4.20.10.1)
|
|
| hirsute |
Released
(2.3.1-1ubuntu5)
|
|
| impish |
Released
(2.3.1-1ubuntu5)
|
|
| jammy |
Released
(2.3.1-1ubuntu5)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2.1.2-1.1+deb9u6build0.16.04.1)
|
|
|
Patches: upstream: https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc upstream: https://github.com/uclouvain/openjpeg/commit/15cf3d95814dc931ca0ecb132f81cb152e051bae upstream: https://github.com/uclouvain/openjpeg/commit/649298dcf84b2f20cfe458d887c1591db47372a6 upstream: https://github.com/uclouvain/openjpeg/commit/4ce7d285a55d29b79880d0566d4b010fe1907aa9 |
||
|
qtwebengine-opensource-src Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Needed
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Ignored
(reached end-of-life)
|
|
| jammy |
Needed
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
texmaker Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Not vulnerable
|
|
| groovy |
Not vulnerable
|
|
| hirsute |
Not vulnerable
|
|
| impish |
Not vulnerable
|
|
| jammy |
Not vulnerable
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|