CVE-2020-27823
Published: 9 December 2020
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Priority
Status
Package | Release | Status |
---|---|---|
texmaker Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
hirsute |
Ignored
(end of life)
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
xenial |
Needs triage
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
mantic |
Needs triage
|
|
blender Launchpad, Ubuntu, Debian |
hirsute |
Ignored
(end of life)
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
xenial |
Needs triage
|
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
mantic |
Needs triage
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
hirsute |
Ignored
(end of life)
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
xenial |
Needs triage
|
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
mantic |
Does not exist
|
|
qtwebengine-opensource-src Launchpad, Ubuntu, Debian |
hirsute |
Ignored
(end of life)
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
mantic |
Needs triage
|
|
ghostscript Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
bionic |
Not vulnerable
(code not compiled)
|
|
xenial |
Not vulnerable
(code not compiled)
|
|
focal |
Not vulnerable
(uses system openjpeg2)
|
|
groovy |
Not vulnerable
(uses system openjpeg2)
|
|
hirsute |
Not vulnerable
(uses system openjpeg2)
|
|
impish |
Not vulnerable
(uses system openjpeg2)
|
|
jammy |
Not vulnerable
(uses system openjpeg2)
|
|
kinetic |
Not vulnerable
(uses system openjpeg2)
|
|
lunar |
Not vulnerable
(uses system openjpeg2)
|
|
trusty |
Does not exist
|
|
mantic |
Not vulnerable
(uses system openjpeg2)
|
|
openjpeg2 Launchpad, Ubuntu, Debian |
focal |
Released
(2.3.1-1ubuntu4.20.04.1)
|
groovy |
Released
(2.3.1-1ubuntu4.20.10.1)
|
|
hirsute |
Released
(2.3.1-1ubuntu5)
|
|
bionic |
Released
(2.3.0-2+deb10u2build0.18.04.1)
|
|
impish |
Released
(2.3.1-1ubuntu5)
|
|
jammy |
Released
(2.3.1-1ubuntu5)
|
|
kinetic |
Released
(2.3.1-1ubuntu5)
|
|
lunar |
Released
(2.3.1-1ubuntu5)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.4.0)
|
|
xenial |
Released
(2.1.2-1.1+deb9u6build0.16.04.1)
|
|
mantic |
Released
(2.3.1-1ubuntu5)
|
|
Patches: upstream: https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919 |
||
openjpeg Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|
|
mantic |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |