{"api_version":"1","generated_at":"2026-04-22T21:26:58+00:00","cve":"CVE-2020-27814","urls":{"html":"https://cve.report/CVE-2020-27814","api":"https://cve.report/api/cve/CVE-2020-27814.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-27814","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-27814"},"summary":{"title":"CVE-2020-27814","description":"A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-01-26 18:15:00","updated_at":"2022-10-07 02:22:00"},"problem_types":["CWE-122"],"metrics":[],"references":[{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","name":"N/A","refsource":"N/A","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1901998","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1901998","refsource":"MISC","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1901998 – (CVE-2020-27814) CVE-2020-27814 openjpeg: Heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2021/dsa-4882","name":"DSA-4882","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4882-1 openjpeg2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202101-29","name":"GLSA-202101-29","refsource":"GENTOO","tags":["Third Party Advisory"],"title":"OpenJPEG: Multiple vulnerabilities (GLSA 202101-29) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html","name":"[debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2550-1] openjpeg2 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/uclouvain/openjpeg/issues/1283","name":"https://github.com/uclouvain/openjpeg/issues/1283","refsource":"MISC","tags":["Exploit","Issue Tracking","Third Party Advisory"],"title":"Heap-buffer-overflow in lib/openjp2/mqc.c:499 · Issue #1283 · uclouvain/openjpeg · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-27814","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27814","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"27814","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27814","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27814","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27814","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"uclouvain","cpe5":"openjpeg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27814","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"uclouvain","cpe5":"openjpeg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27814","vulnerable":"1","versionEndIncluding":"1.5.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"uclouvain","cpe5":"openjpeg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-27814","qid":"159478","title":"Oracle Enterprise Linux Security Update for openjpeg2 (ELSA-2021-4251)"},{"cve":"CVE-2020-27814","qid":"178518","title":"Debian Security Update for openjpeg2 (DSA 4882-1)"},{"cve":"CVE-2020-27814","qid":"198299","title":"Ubuntu Security Notification for Openjpeg2 Vulnerabilities (USN-4880-1)"},{"cve":"CVE-2020-27814","qid":"199240","title":"Ubuntu Security Notification for OpenJPEG Vulnerabilities (USN-5952-1)"},{"cve":"CVE-2020-27814","qid":"239842","title":"Red Hat Update for openjpeg2 (RHSA-2021:4251)"},{"cve":"CVE-2020-27814","qid":"296069","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 31.88.5 Missing (CPUJAN2021)"},{"cve":"CVE-2020-27814","qid":"353122","title":"Amazon Linux Security Advisory for openjpeg2 : ALAS2-2022-1741"},{"cve":"CVE-2020-27814","qid":"500473","title":"Alpine Linux Security Update for openjpeg"},{"cve":"CVE-2020-27814","qid":"504230","title":"Alpine Linux Security Update for openjpeg"},{"cve":"CVE-2020-27814","qid":"670492","title":"EulerOS Security Update for openjpeg2 (EulerOS-SA-2021-2250)"},{"cve":"CVE-2020-27814","qid":"670518","title":"EulerOS Security Update for openjpeg2 (EulerOS-SA-2021-2276)"},{"cve":"CVE-2020-27814","qid":"752740","title":"SUSE Enterprise Linux Security Update for openjpeg2 (SUSE-SU-2022:3802-1)"},{"cve":"CVE-2020-27814","qid":"940171","title":"AlmaLinux Security Update for openjpeg2 (ALSA-2021:4251)"},{"cve":"CVE-2020-27814","qid":"960346","title":"Rocky Linux Security Update for openjpeg2 (RLSA-2021:4251)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-27814","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"openjpeg","version":{"version_data":[{"version_value":"before openjpeg 2.4.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-122"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1901998","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1901998"},{"refsource":"MISC","name":"https://github.com/uclouvain/openjpeg/issues/1283","url":"https://github.com/uclouvain/openjpeg/issues/1283"},{"refsource":"GENTOO","name":"GLSA-202101-29","url":"https://security.gentoo.org/glsa/202101-29"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html"},{"refsource":"DEBIAN","name":"DSA-4882","url":"https://www.debian.org/security/2021/dsa-4882"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","refsource":"MISC","name":"https://www.oracle.com//security-alerts/cpujul2021.html"}]},"description":{"description_data":[{"lang":"eng","value":"A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application."}]}},"nvd":{"publishedDate":"2021-01-26 18:15:00","lastModifiedDate":"2022-10-07 02:22:00","problem_types":["CWE-122"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.4.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"27814","Ordinal":"189550","Title":"CVE-2020-27814","CVE":"CVE-2020-27814","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"27814","Ordinal":"1","NoteData":"A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"27814","Ordinal":"2","NoteData":"2021-01-25","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"27814","Ordinal":"3","NoteData":"2021-07-20","Type":"Other","Title":"Modified"}]}}}