CVE-2020-27823

NameCVE-2020-27823
DescriptionA flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2550-1, DSA-4882-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openjpeg2 (PTS)bullseye2.4.0-3fixed
bullseye (security)2.4.0-3+deb11u1fixed
bookworm, bookworm (security)2.5.0-2+deb12u1fixed
sid, trixie2.5.3-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openjpeg2sourcestretch2.1.2-1.1+deb9u6DLA-2550-1
openjpeg2sourcebuster2.3.0-2+deb10u2DSA-4882-1
openjpeg2source(unstable)2.4.0-1

Notes

https://github.com/uclouvain/openjpeg/issues/1284
https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919 (v2.4.0)
Search for package or bug name: Reporting problems