Veracode Vulnerability DatabaseVERACODE:28917Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
ghostscript is vulnerable to denial of service. The vulnerability exists in opj_t2_encode_packet() function of t2.c due to an out-of-bounds read which allows an attacker to crash the application via malicious input.
References
bugzilla.redhat.com/show_bug.cgi?id=1907516
git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-27843
github.com/uclouvain/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121
github.com/uclouvain/openjpeg/issues/1297
github.com/uclouvain/openjpeg/pull/1298
lists.debian.org/debian-lts-announce/2022/04/msg00006.html
lists.fedoraproject.org/archives/list/[email protected]/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/
security.gentoo.org/glsa/202101-29
www.debian.org/security/2021/dsa-4882
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuApr2021.html
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C