CVE-2020-27823
7.8 HIGH (CVSS 3.1), EPSS 0.30%
Description
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
How to fix CVE-2020-27823
To remediate CVE-2020-27823, upgrade the affected package to a fixed version below.
- Alpine/openjpeg—upgrade to 2.3.1-r5 or later
- —upgrade to 2.4.0-1 or later
Is CVE-2020-27823 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.3.1-r5
- from 0, < 2.4.0-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |