Home

CVE-2020-27823

Description

A flaw was found in OpenJPEGs encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.037

Associated Vulnerability

VulnerabilityOS Platform
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp2-7_2.3.1-1ubuntu4.20.04.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp2-7_2.3.1-1ubuntu4.20.04.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp2-7_2.3.1-1ubuntu4.20.10.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp2-7_2.3.1-1ubuntu4.20.10.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp3d7_2.3.1-1ubuntu4.20.04.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp3d7_2.3.1-1ubuntu4.20.04.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp3d7_2.3.1-1ubuntu4.20.10.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjp3d7_2.3.1-1ubuntu4.20.10.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjpip7_2.3.1-1ubuntu4.20.04.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjpip7_2.3.1-1ubuntu4.20.04.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjpip7_2.3.1-1ubuntu4.20.10.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-4685-1) libopenjpip7_2.3.1-1ubuntu4.20.10.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-4880-1) libopenjp2-7_2.1.2-1.1+deb9u6build0.16.04.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-4880-1) libopenjp2-7_2.1.2-1.1+deb9u6build0.16.04.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-4880-1) libopenjp3d7_2.1.2-1.1+deb9u6build0.16.04.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-4880-1) libopenjp3d7_2.1.2-1.1+deb9u6build0.16.04.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-4880-1) libopenjpip7_2.1.2-1.1+deb9u6build0.16.04.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-4880-1) libopenjpip7_2.1.2-1.1+deb9u6build0.16.04.1_amd64.debLinux
SUSE-SU-2022:1129-1(SUSE Linux Enterprise Server 12-SP5 ) libopenjp2-7-2.1.0-4.15.1.x86_64.rpmLinux
SUSE-SU-2022:1129-1(SUSE Linux Enterprise Server 12-SP5 ) libopenjp2-7-debuginfo-2.1.0-4.15.1.x86_64.rpmLinux
SUSE-SU-2022:1129-1(SUSE Linux Enterprise Server 12-SP5 ) openjpeg2-debuginfo-2.1.0-4.15.1.x86_64.rpmLinux
SUSE-SU-2022:1129-1(SUSE Linux Enterprise Server 12-SP5 ) openjpeg2-debugsource-2.1.0-4.15.1.x86_64.rpmLinux
JPEG 2000 image compression/decompression library (USN-5952-1) libopenjp2-7_2.3.0-2+deb10u2build0.18.04.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-5952-1) libopenjp2-7_2.3.0-2+deb10u2build0.18.04.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-5952-1) libopenjp3d7_2.3.0-2+deb10u2build0.18.04.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-5952-1) libopenjp3d7_2.3.0-2+deb10u2build0.18.04.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-5952-1) libopenjpip7_2.3.0-2+deb10u2build0.18.04.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-5952-1) libopenjpip7_2.3.0-2+deb10u2build0.18.04.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234