UBUNTU-CVE-2020-27814

Source
https://ubuntu.com/security/CVE-2020-27814
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-27814.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-27814
Related
Published
2020-11-30T00:00:00Z
Modified
2024-10-15T14:07:45Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

References

Affected packages

Ubuntu:16.04:LTS / ghostscript

Package

Name
ghostscript
Purl
pkg:deb/ubuntu/ghostscript?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.26~dfsg+0-0ubuntu0.16.04.14

Affected versions

9.*

9.16~dfsg~0-0ubuntu3
9.16~dfsg~0-0ubuntu4
9.18~dfsg~0-0ubuntu1
9.18~dfsg~0-0ubuntu2
9.18~dfsg~0-0ubuntu2.2
9.18~dfsg~0-0ubuntu2.3
9.18~dfsg~0-0ubuntu2.4
9.18~dfsg~0-0ubuntu2.6
9.18~dfsg~0-0ubuntu2.7
9.18~dfsg~0-0ubuntu2.8
9.18~dfsg~0-0ubuntu2.9
9.25~dfsg+1-0ubuntu0.16.04.1
9.25~dfsg+1-0ubuntu0.16.04.2
9.25~dfsg+1-0ubuntu0.16.04.3
9.26~dfsg+0-0ubuntu0.16.04.1
9.26~dfsg+0-0ubuntu0.16.04.3
9.26~dfsg+0-0ubuntu0.16.04.4
9.26~dfsg+0-0ubuntu0.16.04.5
9.26~dfsg+0-0ubuntu0.16.04.6
9.26~dfsg+0-0ubuntu0.16.04.7
9.26~dfsg+0-0ubuntu0.16.04.8
9.26~dfsg+0-0ubuntu0.16.04.9
9.26~dfsg+0-0ubuntu0.16.04.10
9.26~dfsg+0-0ubuntu0.16.04.11
9.26~dfsg+0-0ubuntu0.16.04.12
9.26~dfsg+0-0ubuntu0.16.04.13

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "binary_name": "ghostscript"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "binary_name": "ghostscript-dbg"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "binary_name": "ghostscript-dbgsym"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "binary_name": "ghostscript-doc"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "binary_name": "ghostscript-x"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "binary_name": "ghostscript-x-dbgsym"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "binary_name": "libgs-dev"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "binary_name": "libgs-dev-dbgsym"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "binary_name": "libgs9"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "binary_name": "libgs9-common"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "binary_name": "libgs9-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / openjpeg2

Package

Name
openjpeg2
Purl
pkg:deb/ubuntu/openjpeg2?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2-1.1+deb9u6build0.16.04.1

Affected versions

2.*

2.1.0-2.1
2.1.0-2.1ubuntu0.1
2.1.2-1.1+deb9u2build0.1
2.1.2-1.1+deb9u3build0.16.04.1
2.1.2-1.1+deb9u5build0.16.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-7"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-7-dbg"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-7-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-7-dev"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-7-dev-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-tools"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-tools-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp3d-tools"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp3d-tools-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp3d7"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp3d7-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip-dec-server"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip-dec-server-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip-server"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip-server-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip-viewer"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip7"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip7-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / ghostscript

Package

Name
ghostscript
Purl
pkg:deb/ubuntu/ghostscript?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.26~dfsg+0-0ubuntu0.18.04.14

Affected versions

9.*

9.21~dfsg+1-0ubuntu3
9.22~dfsg+1-0ubuntu1
9.22~dfsg+1-0ubuntu1.1
9.22~dfsg+1-0ubuntu1.2
9.25~dfsg+1-0ubuntu0.18.04.1
9.25~dfsg+1-0ubuntu0.18.04.2
9.26~dfsg+0-0ubuntu0.18.04.1
9.26~dfsg+0-0ubuntu0.18.04.3
9.26~dfsg+0-0ubuntu0.18.04.4
9.26~dfsg+0-0ubuntu0.18.04.5
9.26~dfsg+0-0ubuntu0.18.04.6
9.26~dfsg+0-0ubuntu0.18.04.7
9.26~dfsg+0-0ubuntu0.18.04.8
9.26~dfsg+0-0ubuntu0.18.04.9
9.26~dfsg+0-0ubuntu0.18.04.10
9.26~dfsg+0-0ubuntu0.18.04.11
9.26~dfsg+0-0ubuntu0.18.04.12
9.26~dfsg+0-0ubuntu0.18.04.13

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "binary_name": "ghostscript"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "binary_name": "ghostscript-dbg"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "binary_name": "ghostscript-doc"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "binary_name": "ghostscript-x"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "binary_name": "libgs-dev"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "binary_name": "libgs9"
        },
        {
            "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "binary_name": "libgs9-common"
        }
    ]
}

Ubuntu:18.04:LTS / openjpeg2

Package

Name
openjpeg2
Purl
pkg:deb/ubuntu/openjpeg2?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.0-2+deb10u2build0.18.04.1

Affected versions

2.*

2.2.0-1
2.3.0-1
2.3.0-2build0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp2-7"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp2-7-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp2-7-dev"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp2-tools"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp2-tools-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp3d-tools"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp3d-tools-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp3d7"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp3d7-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip-dec-server"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip-dec-server-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip-server"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip-server-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip-viewer"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip7"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip7-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / openjpeg2

Package

Name
openjpeg2
Purl
pkg:deb/ubuntu/openjpeg2?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.1-1ubuntu4.20.04.1

Affected versions

2.*

2.3.0-2
2.3.0-2build1
2.3.1-1
2.3.1-1ubuntu3
2.3.1-1ubuntu4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp2-7"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp2-7-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp2-7-dev"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp2-tools"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp2-tools-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp3d-tools"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp3d-tools-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp3d7"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp3d7-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip-dec-server"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip-dec-server-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip-server"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip-server-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip-viewer"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip7"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip7-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / qtwebengine-opensource-src

Package

Name
qtwebengine-opensource-src
Purl
pkg:deb/ubuntu/qtwebengine-opensource-src?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-1ubuntu1
5.12.4+dfsg-1ubuntu3
5.12.5+dfsg-3ubuntu1
5.12.5+dfsg-6ubuntu2
5.12.5+dfsg-7
5.12.5+dfsg-7build1
5.12.8+dfsg-0ubuntu1
5.12.8+dfsg-0ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / openjpeg2

Package

Name
openjpeg2
Purl
pkg:deb/ubuntu/openjpeg2?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.1-1ubuntu5

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp2-7"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp2-7-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp2-7-dev"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp2-tools"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp2-tools-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp3d-tools"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp3d-tools-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp3d7"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp3d7-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip-dec-server"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip-dec-server-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip-server"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip-server-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip-viewer"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip7"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip7-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / qtwebengine-opensource-src

Package

Name
qtwebengine-opensource-src
Purl
pkg:deb/ubuntu/qtwebengine-opensource-src?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.6+dfsg-1
5.15.6+dfsg-2
5.15.7+dfsg-2
5.15.8+dfsg-1
5.15.8+dfsg-1build1
5.15.8+dfsg-1build2
5.15.8+dfsg-2
5.15.9+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qtwebengine-opensource-src

Package

Name
qtwebengine-opensource-src
Purl
pkg:deb/ubuntu/qtwebengine-opensource-src?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.16+dfsg-3
5.15.16+dfsg-5
5.15.17+dfsg-3
5.15.17+dfsg-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qtwebengine-opensource-src

Package

Name
qtwebengine-opensource-src
Purl
pkg:deb/ubuntu/qtwebengine-opensource-src?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.15+dfsg-2
5.15.15+dfsg-2build2
5.15.15+dfsg-2ubuntu1
5.15.16+dfsg-1
5.15.16+dfsg-1ubuntu2
5.15.16+dfsg-1ubuntu4
5.15.16+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}