A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Fix Resolution: All OpenJPEG 2 users should upgrade to the latest version # emerge --sync
# emerge --ask --oneshot --verbose >=media-libs/openjpeg-2.4.02
Gentoo has discontinued support OpenJPEG 1.x and any dependent packages should now be using OpenJPEG 2 or have dropped support for the library. We recommend that users unmerge OpenJPEG 1.x # emerge --unmerge media-libs/openjpeg1 >=
Step up your Open Source Security Game with Mend here
CVE-2020-27844 - High Severity Vulnerability
Official repository of the OpenJPEG project
Library home page: https://github.com/uclouvain/openjpeg.git
Found in HEAD commit: 706b09e38f53ed9d9d022c131ae6564061484cfd
Found in base branch: master
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Publish Date: 2021-01-05
URL: CVE-2020-27844
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202101-29
Fix Resolution: All OpenJPEG 2 users should upgrade to the latest version # emerge --sync # emerge --ask --oneshot --verbose >=media-libs/openjpeg-2.4.02 Gentoo has discontinued support OpenJPEG 1.x and any dependent packages should now be using OpenJPEG 2 or have dropped support for the library. We recommend that users unmerge OpenJPEG 1.x # emerge --unmerge media-libs/openjpeg1 >=
Step up your Open Source Security Game with Mend here