CVE-2020-27814
Description
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.195
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp2-7_2.3.1-1ubuntu4.20.04.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp2-7_2.3.1-1ubuntu4.20.04.1_amd64.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp2-7_2.3.1-1ubuntu4.20.10.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp2-7_2.3.1-1ubuntu4.20.10.1_amd64.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp3d7_2.3.1-1ubuntu4.20.04.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp3d7_2.3.1-1ubuntu4.20.04.1_amd64.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp3d7_2.3.1-1ubuntu4.20.10.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp3d7_2.3.1-1ubuntu4.20.10.1_amd64.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjpip7_2.3.1-1ubuntu4.20.04.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjpip7_2.3.1-1ubuntu4.20.04.1_amd64.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjpip7_2.3.1-1ubuntu4.20.10.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4685-1) libopenjpip7_2.3.1-1ubuntu4.20.10.1_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-4686-1) libgs9_9.26~dfsg+0-0ubuntu0.16.04.14_i386.deb | Linux |
| PostScript and PDF interpreter (USN-4686-1) libgs9_9.26~dfsg+0-0ubuntu0.16.04.14_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-4686-1) libgs9_9.26~dfsg+0-0ubuntu0.18.04.14_i386.deb | Linux |
| PostScript and PDF interpreter (USN-4686-1) libgs9_9.26~dfsg+0-0ubuntu0.18.04.14_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-4686-1) ghostscript_9.26~dfsg+0-0ubuntu0.16.04.14_i386.deb | Linux |
| PostScript and PDF interpreter (USN-4686-1) ghostscript_9.26~dfsg+0-0ubuntu0.16.04.14_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-4686-1) ghostscript_9.26~dfsg+0-0ubuntu0.18.04.14_i386.deb | Linux |
| PostScript and PDF interpreter (USN-4686-1) ghostscript_9.26~dfsg+0-0ubuntu0.18.04.14_amd64.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4880-1) libopenjp2-7_2.1.2-1.1+deb9u6build0.16.04.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4880-1) libopenjp2-7_2.1.2-1.1+deb9u6build0.16.04.1_amd64.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4880-1) libopenjp3d7_2.1.2-1.1+deb9u6build0.16.04.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4880-1) libopenjp3d7_2.1.2-1.1+deb9u6build0.16.04.1_amd64.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4880-1) libopenjpip7_2.1.2-1.1+deb9u6build0.16.04.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-4880-1) libopenjpip7_2.1.2-1.1+deb9u6build0.16.04.1_amd64.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-5952-1) libopenjp2-7_2.3.0-2+deb10u2build0.18.04.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-5952-1) libopenjp2-7_2.3.0-2+deb10u2build0.18.04.1_amd64.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-5952-1) libopenjp3d7_2.3.0-2+deb10u2build0.18.04.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-5952-1) libopenjp3d7_2.3.0-2+deb10u2build0.18.04.1_amd64.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-5952-1) libopenjpip7_2.3.0-2+deb10u2build0.18.04.1_i386.deb | Linux |
| JPEG 2000 image compression/decompression library (USN-5952-1) libopenjpip7_2.3.0-2+deb10u2build0.18.04.1_amd64.deb | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) openjpeg2-2.3.0-150000.3.8.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP4 ) openjpeg2-2.3.0-150000.3.8.1.x86_64_15_SP4.rpm | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenjp2-7-2.3.0-150000.3.8.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP4 ) libopenjp2-7-2.3.0-150000.3.8.1.x86_64_15_SP4.rpm | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) openjpeg2-devel-2.3.0-150000.3.8.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP4 ) openjpeg2-devel-2.3.0-150000.3.8.1.x86_64_15_SP4.rpm | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) openjpeg2-debuginfo-2.3.0-150000.3.8.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP4 ) openjpeg2-debuginfo-2.3.0-150000.3.8.1.x86_64_15_SP4.rpm | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) openjpeg2-debugsource-2.3.0-150000.3.8.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP4 ) openjpeg2-debugsource-2.3.0-150000.3.8.1.x86_64_15_SP4.rpm | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenjp2-7-debuginfo-2.3.0-150000.3.8.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3802-1(SUSE Linux Enterprise Module for Basesystem 15-SP4 ) libopenjp2-7-debuginfo-2.3.0-150000.3.8.1.x86_64_15_SP4.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234