Home

CVE-2020-27844

Description

A flaw was found in openjpegs src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.778

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Google Chrome (x64) (89.0.4389.72)Windows
Multiple vulnerabilities fixed in Google Chrome (89.0.4389.72)Windows
Multiple vulnerabilities fixed in Microsoft Edge for chromium business (89.0.774.45)Windows
Multiple vulnerabilities fixed in Microsoft Edge for chromium business (x64) (89.0.774.45)Windows
Multiple vulnerabilities are fixed in Google Chrome For Mac (89.0.4389.72)Mac
Vulnerabilities CVE-2020-27844 are Affected in Chrome for Centos 89.0.4389.71Linux
Vulnerabilities CVE-2020-27844 are Affected in Chrome for Debian 89.0.4389.71Linux
Vulnerabilities CVE-2020-27844 are Affected in Chrome for RedHat 89.0.4389.71Linux
Vulnerabilities CVE-2020-27844 are Affected in Chrome for Suse 89.0.4389.71Linux
Vulnerabilities CVE-2020-27844 are Affected in Chrome for Ubuntu 89.0.4389.71Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-318598Google Chrome (x64) (89.0.4389.72)
PATCH-318597Google Chrome (89.0.4389.72)
PATCH-109333Microsoft Edge for chromium business (99.0.1150.30) (x86)
PATCH-109332Microsoft Edge for chromium business (99.0.1150.30) (x64)
PATCH-609673Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234