CVE-2020-27814

Published: 30 November 2020

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

Notes

Author	Note
mdeslaur	check bug to see if there are more commits before fixing

Priority

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package	Release	Status
blender Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	hirsute	Not vulnerable
	impish	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable
ghostscript Launchpad, Ubuntu, Debian	bionic	Released (9.26~dfsg+0-0ubuntu0.18.04.14)
	focal	Not vulnerable (uses system openjpeg2)
	groovy	Not vulnerable (uses system openjpeg2)
	hirsute	Not vulnerable (uses system openjpeg2)
	impish	Not vulnerable (uses system openjpeg2)
	jammy	Not vulnerable (uses system openjpeg2)
	kinetic	Not vulnerable (uses system openjpeg2)
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Released (9.26~dfsg+0-0ubuntu0.16.04.14)
insighttoolkit4 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	focal	Not vulnerable (code not present)
	groovy	Not vulnerable (code not present)
	hirsute	Not vulnerable (code not present)
	impish	Not vulnerable (code not present)
	jammy	Not vulnerable (code not present)
	kinetic	Not vulnerable (code not present)
	precise	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
openjpeg Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	precise	Does not exist
	trusty	Not vulnerable (code not present)
	upstream	Needs triage
	xenial	Not vulnerable (code not present)
openjpeg2 Launchpad, Ubuntu, Debian	bionic	Needed
	focal	Released (2.3.1-1ubuntu4.20.04.1)
	groovy	Released (2.3.1-1ubuntu4.20.10.1)
	hirsute	Released (2.3.1-1ubuntu5)
	impish	Released (2.3.1-1ubuntu5)
	jammy	Released (2.3.1-1ubuntu5)
	kinetic	Released (2.3.1-1ubuntu5)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (2.4.0)
	xenial	Released (2.1.2-1.1+deb9u6build0.16.04.1)
	Patches: upstream: https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc upstream: https://github.com/uclouvain/openjpeg/commit/15cf3d95814dc931ca0ecb132f81cb152e051bae upstream: https://github.com/uclouvain/openjpeg/commit/649298dcf84b2f20cfe458d887c1591db47372a6 upstream: https://github.com/uclouvain/openjpeg/commit/4ce7d285a55d29b79880d0566d4b010fe1907aa9
qtwebengine-opensource-src Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	focal	Needed
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Needed
	kinetic	Needed
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
texmaker Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	hirsute	Not vulnerable
	impish	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable

Severity score breakdown

Parameter	Value
Base score	7.8
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Bugs

https://github.com/uclouvain/openjpeg/issues/1283

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›