{"api_version":"1","generated_at":"2026-04-23T02:14:29+00:00","cve":"CVE-2020-27823","urls":{"html":"https://cve.report/CVE-2020-27823","api":"https://cve.report/api/cve/CVE-2020-27823.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-27823","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-27823"},"summary":{"title":"CVE-2020-27823","description":"A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-05-13 15:15:00","updated_at":"2023-11-07 03:21:00"},"problem_types":["CWE-787","CWE-120"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/","name":"FEDORA-2020-d32853a28d","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: openjpeg2-2.3.1-10.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/","name":"FEDORA-2020-4cd57a6876","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: openjpeg2-2.3.1-9.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/","name":"FEDORA-2020-d32853a28d","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: openjpeg2-2.3.1-10.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905762","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1905762","refsource":"MISC","tags":[],"title":"1905762 – (CVE-2020-27823) CVE-2020-27823 openjpeg: Heap-buffer-overflow write in lib-openjp2","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2021/dsa-4882","name":"DSA-4882","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4882-1 openjpeg2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/","name":"FEDORA-2020-4cd57a6876","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: openjpeg2-2.3.1-9.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html","name":"[debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2550-1] openjpeg2 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-27823","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27823","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"27823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"uclouvain","cpe5":"openjpeg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-27823","qid":"159478","title":"Oracle Enterprise Linux Security Update for openjpeg2 (ELSA-2021-4251)"},{"cve":"CVE-2020-27823","qid":"178518","title":"Debian Security Update for openjpeg2 (DSA 4882-1)"},{"cve":"CVE-2020-27823","qid":"198299","title":"Ubuntu Security Notification for Openjpeg2 Vulnerabilities (USN-4880-1)"},{"cve":"CVE-2020-27823","qid":"199240","title":"Ubuntu Security Notification for OpenJPEG Vulnerabilities (USN-5952-1)"},{"cve":"CVE-2020-27823","qid":"239842","title":"Red Hat Update for openjpeg2 (RHSA-2021:4251)"},{"cve":"CVE-2020-27823","qid":"353122","title":"Amazon Linux Security Advisory for openjpeg2 : ALAS2-2022-1741"},{"cve":"CVE-2020-27823","qid":"500473","title":"Alpine Linux Security Update for openjpeg"},{"cve":"CVE-2020-27823","qid":"504230","title":"Alpine Linux Security Update for openjpeg"},{"cve":"CVE-2020-27823","qid":"670492","title":"EulerOS Security Update for openjpeg2 (EulerOS-SA-2021-2250)"},{"cve":"CVE-2020-27823","qid":"670518","title":"EulerOS Security Update for openjpeg2 (EulerOS-SA-2021-2276)"},{"cve":"CVE-2020-27823","qid":"670583","title":"EulerOS Security Update for openjpeg (EulerOS-SA-2021-2341)"},{"cve":"CVE-2020-27823","qid":"670656","title":"EulerOS Security Update for openjpeg (EulerOS-SA-2021-2414)"},{"cve":"CVE-2020-27823","qid":"670720","title":"EulerOS Security Update for openjpeg (EulerOS-SA-2021-2478)"},{"cve":"CVE-2020-27823","qid":"671139","title":"EulerOS Security Update for openjpeg (EulerOS-SA-2021-2601)"},{"cve":"CVE-2020-27823","qid":"751971","title":"SUSE Enterprise Linux Security Update for openjpeg2 (SUSE-SU-2022:1129-1)"},{"cve":"CVE-2020-27823","qid":"752044","title":"SUSE Enterprise Linux Security Update for openjpeg2 (SUSE-SU-2022:1252-1)"},{"cve":"CVE-2020-27823","qid":"752060","title":"SUSE Enterprise Linux Security Update for openjpeg (SUSE-SU-2022:1296-1)"},{"cve":"CVE-2020-27823","qid":"940171","title":"AlmaLinux Security Update for openjpeg2 (ALSA-2021:4251)"},{"cve":"CVE-2020-27823","qid":"960346","title":"Rocky Linux Security Update for openjpeg2 (RLSA-2021:4251)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-27823","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"openjpeg","version":{"version_data":[{"version_value":"openjpeg 2.4.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20->CWE-120->CWE-787"}]}]},"references":{"reference_data":[{"refsource":"FEDORA","name":"FEDORA-2020-4cd57a6876","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/"},{"refsource":"FEDORA","name":"FEDORA-2020-d32853a28d","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html"},{"refsource":"DEBIAN","name":"DSA-4882","url":"https://www.debian.org/security/2021/dsa-4882"},{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1905762","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905762"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."}]}},"nvd":{"publishedDate":"2021-05-13 15:15:00","lastModifiedDate":"2023-11-07 03:21:00","problem_types":["CWE-787","CWE-120"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"27823","Ordinal":"189559","Title":"CVE-2020-27823","CVE":"CVE-2020-27823","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"27823","Ordinal":"1","NoteData":"A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"27823","Ordinal":"2","NoteData":"2021-05-13","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"27823","Ordinal":"3","NoteData":"2021-05-13","Type":"Other","Title":"Modified"}]}}}