Debian LTS: Security Advisory for openjpeg2 (DLA-2550-1)

Information

Severity

High

Family

Debian Local Security Checks

CVSSv2 Base

8.3

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:C

Solution Type

Vendor Patch

Created

1 year ago

Modified

1 year ago

Summary

The remote host is missing an update for the 'openjpeg2' package(s) announced via the DLA-2550-1 advisory.

Insight

Various overflow errors were identified and fixed.

CVE-2020-27814: A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files.

CVE-2020-27823: Wrong computation of x1,y1 if -d option is used, resulting in heap buffer overflow.

CVE-2020-27824: Global buffer overflow on irreversible conversion when too many decomposition levels are specified.

CVE-2020-27841: Crafted input to be processed by the openjpeg encoder could cause an out-of-bounds read.

CVE-2020-27844: Crafted input to be processed by the openjpeg encoder could cause an out-of-bounds write.

CVE-2020-27845: Crafted input can cause out-of-bounds read.

Affected Software

'openjpeg2' package(s) on Debian Linux.

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

For Debian 9 stretch, these problems have been fixed in version 2.1.2-1.1+deb9u6. We recommend that you upgrade your openjpeg2 packages.