There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P
Vendors Products
Redhat
  • Enterprise Linux
  • Codeready Linux Builder
  • Codeready Linux Builder For Power Little Endian
  • Enterprise Linux For Power Little Endian
  • Codeready Linux Builder For Ibm Z Systems
  • Enterprise Linux For Ibm Z Systems
Fedoraproject
  • Extra Packages For Enterprise Linux
  • Fedora
Uclouvain
  • Openjpeg
Debian
  • Debian Linux
Oracle
  • Outside In Technology

Configuration 1 [-]

cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1907513 Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/
https://security.gentoo.org/glsa/202101-29 Third Party Advisory
https://www.debian.org/security/2021/dsa-4882 Mailing List Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html Patch Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-01-05T17:21:40

Updated: 2022-04-10T14:06:12

Reserved: 2020-10-27T00:00:00

Link: CVE-2020-27842

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2021-01-05T18:15:14.020

Modified: 2023-11-07T03:21:03.320

Link: CVE-2020-27842

JSON object: View

cve-icon Redhat Information

No data.

CWE