Lucene search

K
mageiaGentoo FoundationMGASA-2020-0478
HistoryDec 29, 2020 - 2:57 p.m.

Updated openjpeg2 packages fix security vulnerabilities

2020-12-2914:57:17
Gentoo Foundation
advisories.mageia.org
22

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

52.4%

There’s a flaw in openjpeg in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability (CVE-2020-27841). There’s a flaw in openjpeg’s t2 encoder. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability (CVE-2020-27842). A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability (CVE-2020-27843). There’s a flaw in src/lib/openjp2/pi.c of openjpeg. If an attacker is able to provide untrusted input to openjpeg’s conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability (CVE-2020-27845).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchopenjpeg2< 2.3.1-1.6openjpeg2-2.3.1-1.6.mga7

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

52.4%