{ "threat_severity" : "Low", "public_date" : "2020-12-01T00:00:00Z", "bugzilla" : { "description" : "openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c", "id" : "1907513", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1907513" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-125", "details" : [ "There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.", "A flaw was found in OpenJPEG’s t2 encoder. This flaw allows an attacker who can provide crafted input to be processed by OpenJPEG to cause a NULL pointer dereference issue. The highest threat to this vulnerability is to system availability." ], "acknowledgement" : "Red Hat would like to thank zodf0055980 (SQLab NCTU Taiwan) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-11-09T00:00:00Z", "advisory" : "RHSA-2021:4251", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "openjpeg2-0:2.4.0-4.el8" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "openjpeg", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "openjpeg", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "openjpeg2", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-27842\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27842" ], "name" : "CVE-2020-27842", "csaw" : false }