Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-27843
HistoryJan 05, 2021 - 12:00 a.m.

CVE-2020-27843

2021-01-0500:00:00
ubuntu.com
ubuntu.com
10

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

47.1%

A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows
an attacker to provide specially crafted input to the conversion or
encoding functionality, causing an out-of-bounds read. The highest threat
from this vulnerability is system availability.

Bugs

Notes

Author Note
sahnaseredini the fix is not complete in bionic as the poc is still working. Also there’s a commit in the upstream (07d526e) that is reverting some optimisations and (apparently) fixes the issue, however, it does not relate to the CVE, and looks more like a bug fix.

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

47.1%