Vulnerabilities > CVE-2020-27842

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

NVD

Published: 2021-01-05

Updated: 2024-11-21

Summary

There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.

Vulnerable Configurations

Part	Description	Count
Application	Uclouvain Uclouvain Openjpeg - Uclouvain Openjpeg 1.0 Uclouvain Openjpeg 1.1 Uclouvain Openjpeg 1.2 Uclouvain Openjpeg 1.3 Uclouvain Openjpeg 1.4 Uclouvain Openjpeg 1.5 Uclouvain Openjpeg 1.5.1 Uclouvain Openjpeg 1.5.2 Uclouvain Openjpeg 2.0 Uclouvain Openjpeg 2.0.0 Uclouvain Openjpeg 2.0.1 Uclouvain Openjpeg 2.1 Uclouvain Openjpeg 2.1.0 Uclouvain Openjpeg 2.1.1 Uclouvain Openjpeg 2.1.2 Uclouvain Openjpeg 2.2.0 Uclouvain Openjpeg 2.3.0 Uclouvain Openjpeg 2.3.1 Uclouvain Openjpeg 2.4.0	20
Application	Fedoraproject Fedoraproject Extra Packages FOR Enterprise Linux 7.0	1
Application	Redhat Redhat Codeready Linux Builder FOR IBM Z Systems 8.0 Redhat Codeready Linux Builder 8.0	2
Application	Oracle Oracle Outside IN Technology 8.5.5	1
OS	Fedoraproject Fedoraproject Fedora 32 Fedoraproject Fedora 33	2
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0	2
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux FOR Power Little Endian 8.0 Redhat Enterprise Linux FOR IBM Z Systems 8.0 Redhat Codeready Linux Builder FOR Power Little Endian 8.0	4

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.