UBUNTU-CVE-2020-27844

Source
https://ubuntu.com/security/CVE-2020-27844
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-27844.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-27844
Related
Published
2021-01-05T18:15:00Z
Modified
2024-10-15T14:07:46Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

Affected packages

Ubuntu:Pro:16.04:LTS / insighttoolkit4

Package

Name
insighttoolkit4
Purl
pkg:deb/ubuntu/insighttoolkit4?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.8.1-1ubuntu3
4.8.1-1ubuntu4
4.8.2-3.1ubuntu1
4.9.0-3ubuntu2
4.9.0-4ubuntu1
4.9.0-4ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / insighttoolkit4

Package

Name
insighttoolkit4
Purl
pkg:deb/ubuntu/insighttoolkit4?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.12.2-dfsg1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / insighttoolkit4

Package

Name
insighttoolkit4
Purl
pkg:deb/ubuntu/insighttoolkit4?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.12.2-dfsg1-4.1ubuntu1
4.13.2-dfsg1-1ubuntu1
4.13.2-dfsg1-4ubuntu1
4.13.2-dfsg1-6
4.13.2-dfsg1-6ubuntu1
4.13.2-dfsg1-8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / insighttoolkit4

Package

Name
insighttoolkit4
Purl
pkg:deb/ubuntu/insighttoolkit4?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.13.3withdata-dfsg1-4.1
4.13.3withdata-dfsg2-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}