[Pkg-phototools-devel] Bug#983663: openjpeg2: CVE-2020-27843

Salvatore Bonaccorso carnil at debian.org
Sun Feb 28 09:34:49 GMT 2021


Source: openjpeg2
Version: 2.4.0-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/1297
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 2.3.0-2+deb10u1
Control: found -1 2.3.0-2

Hi,

The following vulnerability was published for openjpeg2.

CVE-2020-27843[0]:
| A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw
| allows an attacker to provide specially crafted input to the
| conversion or encoding functionality, causing an out-of-bounds read.
| The highest threat from this vulnerability is system availability.

The issue is prevented in 2.4.0 but as per upstream the committed
change is unlikely to be the proper fix. Thus still keeping the 2.4.0
as affected.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-27843
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27843
[1] https://github.com/uclouvain/openjpeg/issues/1297

Regards,
Salvatore


