CVE-2020-27814
openjpeg2 - security update
CVSS 3.1: 7.8 (HIGH)
EPSS: 0.92%
Description
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
How to fix CVE-2020-27814
To remediate CVE-2020-27814, upgrade the affected package to a fixed version below.
- Alpine/openjpeg: upgrade to 2.3.1-r5 or later
- upgrade to 2.4.0-1 or later
- upgrade to 2.1.2-1.1+deb9u6 or later
Is CVE-2020-27814 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.3.1-r5
- from 0, < 2.4.0-1
- from 0, < 2.1.2-1.1+deb9u6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |