{ "threat_severity" : "Low", "public_date" : "2020-12-02T00:00:00Z", "bugzilla" : { "description" : "openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c", "id" : "1907516", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1907516" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-125", "details" : [ "A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.", "A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability." ], "acknowledgement" : "Red Hat would like to thank zodf0055980 (SQLab NCTU Taiwan) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-11-09T00:00:00Z", "advisory" : "RHSA-2021:4251", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "openjpeg2-0:2.4.0-4.el8" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "openjpeg", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "openjpeg", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "openjpeg2", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-27843\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27843" ], "name" : "CVE-2020-27843", "csaw" : false }