UBUNTU-CVE-2020-27814

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2020-27814

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-27814.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-27814

Related

Published

2020-11-30T00:00:00Z

Modified

2020-11-30T00:00:00Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

References

Affected packages

Ubuntu:16.04:LTS / ghostscript

Package

Name: ghostscript
Purl: pkg:deb/ubuntu/ghostscript@9.26~dfsg+0-0ubuntu0.16.04.14?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.26~dfsg+0-0ubuntu0.16.04.14

Affected versions

9.*

9.16~dfsg~0-0ubuntu3

9.16~dfsg~0-0ubuntu4

9.18~dfsg~0-0ubuntu1

9.18~dfsg~0-0ubuntu2

9.18~dfsg~0-0ubuntu2.2

9.18~dfsg~0-0ubuntu2.3

9.18~dfsg~0-0ubuntu2.4

9.18~dfsg~0-0ubuntu2.6

9.18~dfsg~0-0ubuntu2.7

9.18~dfsg~0-0ubuntu2.8

9.18~dfsg~0-0ubuntu2.9

9.25~dfsg+1-0ubuntu0.16.04.1

9.25~dfsg+1-0ubuntu0.16.04.2

9.25~dfsg+1-0ubuntu0.16.04.3

9.26~dfsg+0-0ubuntu0.16.04.1

9.26~dfsg+0-0ubuntu0.16.04.3

9.26~dfsg+0-0ubuntu0.16.04.4

9.26~dfsg+0-0ubuntu0.16.04.5

9.26~dfsg+0-0ubuntu0.16.04.6

9.26~dfsg+0-0ubuntu0.16.04.7

9.26~dfsg+0-0ubuntu0.16.04.8

9.26~dfsg+0-0ubuntu0.16.04.9

9.26~dfsg+0-0ubuntu0.16.04.10

9.26~dfsg+0-0ubuntu0.16.04.11

9.26~dfsg+0-0ubuntu0.16.04.12

9.26~dfsg+0-0ubuntu0.16.04.13

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libgs9-dbgsym": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "ghostscript-dbgsym": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "ghostscript-dbg": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "ghostscript-doc": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "ghostscript-x": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "libgs9": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "ghostscript-x-dbgsym": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "libgs-dev-dbgsym": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "libgs9-common": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "ghostscript": "9.26~dfsg+0-0ubuntu0.16.04.14",
            "libgs-dev": "9.26~dfsg+0-0ubuntu0.16.04.14"
        }
    ]
}

Ubuntu:16.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.1.2-1.1+deb9u6build0.16.04.1?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-1.1+deb9u6build0.16.04.1

Affected versions

2.*

2.1.0-2.1

2.1.0-2.1ubuntu0.1

2.1.2-1.1+deb9u2build0.1

2.1.2-1.1+deb9u3build0.16.04.1

2.1.2-1.1+deb9u5build0.16.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libopenjpip-dec-server-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-tools": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip7": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-7-dev-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-7": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-tools-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-7-dbg": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip-server": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-7-dev": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip-server-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp3d7-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp3d7": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-7-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp3d-tools-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip7-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip-dec-server": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp3d-tools": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip-viewer": "2.1.2-1.1+deb9u6build0.16.04.1"
        }
    ]
}

Ubuntu:18.04:LTS / ghostscript

Package

Name: ghostscript
Purl: pkg:deb/ubuntu/ghostscript@9.26~dfsg+0-0ubuntu0.18.04.14?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.26~dfsg+0-0ubuntu0.18.04.14

Affected versions

9.*

9.21~dfsg+1-0ubuntu3

9.22~dfsg+1-0ubuntu1

9.22~dfsg+1-0ubuntu1.1

9.22~dfsg+1-0ubuntu1.2

9.25~dfsg+1-0ubuntu0.18.04.1

9.25~dfsg+1-0ubuntu0.18.04.2

9.26~dfsg+0-0ubuntu0.18.04.1

9.26~dfsg+0-0ubuntu0.18.04.3

9.26~dfsg+0-0ubuntu0.18.04.4

9.26~dfsg+0-0ubuntu0.18.04.5

9.26~dfsg+0-0ubuntu0.18.04.6

9.26~dfsg+0-0ubuntu0.18.04.7

9.26~dfsg+0-0ubuntu0.18.04.8

9.26~dfsg+0-0ubuntu0.18.04.9

9.26~dfsg+0-0ubuntu0.18.04.10

9.26~dfsg+0-0ubuntu0.18.04.11

9.26~dfsg+0-0ubuntu0.18.04.12

9.26~dfsg+0-0ubuntu0.18.04.13

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "ghostscript-dbg": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "ghostscript-doc": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "ghostscript-x": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "libgs9": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "libgs-dev": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "libgs9-common": "9.26~dfsg+0-0ubuntu0.18.04.14",
            "ghostscript": "9.26~dfsg+0-0ubuntu0.18.04.14"
        }
    ]
}

Ubuntu:18.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.3.0-2+deb10u2build0.18.04.1?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.0-2+deb10u2build0.18.04.1

Affected versions

2.*

2.2.0-1

2.3.0-1

2.3.0-2build0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libopenjpip-dec-server-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp2-tools": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip7": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp2-7": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp2-tools-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp2-7-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip-server": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp2-7-dev": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip-server-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp3d7-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp3d7": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp3d-tools-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip7-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip-dec-server": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp3d-tools": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip-viewer": "2.3.0-2+deb10u2build0.18.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.3.1-1ubuntu4.20.04.1?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.1-1ubuntu4.20.04.1

Affected versions

2.*

2.3.0-2

2.3.0-2build1

2.3.1-1

2.3.1-1ubuntu3

2.3.1-1ubuntu4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libopenjpip-dec-server-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp2-tools": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip7": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp2-7": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp2-tools-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp2-7-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip-server": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp2-7-dev": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip-server-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp3d7-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp3d7": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp3d-tools-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip7-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip-dec-server": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp3d-tools": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip-viewer": "2.3.1-1ubuntu4.20.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-1ubuntu1

5.12.4+dfsg-1ubuntu3

5.12.5+dfsg-3ubuntu1

5.12.5+dfsg-6ubuntu2

5.12.5+dfsg-7

5.12.5+dfsg-7build1

5.12.8+dfsg-0ubuntu1

5.12.8+dfsg-0ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.3.1-1ubuntu5?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.1-1ubuntu5

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libopenjpip-dec-server-dbgsym": "2.3.1-1ubuntu5",
            "libopenjp2-tools": "2.3.1-1ubuntu5",
            "libopenjpip7": "2.3.1-1ubuntu5",
            "libopenjp2-7": "2.3.1-1ubuntu5",
            "libopenjp2-tools-dbgsym": "2.3.1-1ubuntu5",
            "libopenjp2-7-dbgsym": "2.3.1-1ubuntu5",
            "libopenjpip-server": "2.3.1-1ubuntu5",
            "libopenjp2-7-dev": "2.3.1-1ubuntu5",
            "libopenjpip-server-dbgsym": "2.3.1-1ubuntu5",
            "libopenjp3d7-dbgsym": "2.3.1-1ubuntu5",
            "libopenjp3d7": "2.3.1-1ubuntu5",
            "libopenjp3d-tools-dbgsym": "2.3.1-1ubuntu5",
            "libopenjpip7-dbgsym": "2.3.1-1ubuntu5",
            "libopenjpip-dec-server": "2.3.1-1ubuntu5",
            "libopenjp3d-tools": "2.3.1-1ubuntu5",
            "libopenjpip-viewer": "2.3.1-1ubuntu5"
        }
    ]
}

Ubuntu:22.04:LTS / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.6+dfsg-1

5.15.6+dfsg-2

5.15.7+dfsg-2

5.15.8+dfsg-1

5.15.8+dfsg-1build1

5.15.8+dfsg-1build2

5.15.8+dfsg-2

5.15.9+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.15+dfsg-2

5.15.15+dfsg-2build2

5.15.15+dfsg-2ubuntu1

5.15.16+dfsg-1

5.15.16+dfsg-1ubuntu2

5.15.16+dfsg-1ubuntu4

5.15.16+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}