UBUNTU-CVE-2020-27823

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2020-27823

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-27823.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-27823

Related

Published

2020-12-09T00:00:00Z

Modified

2020-12-09T00:00:00Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

Affected packages

Ubuntu:16.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.1.2-1.1+deb9u6build0.16.04.1?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-1.1+deb9u6build0.16.04.1

Affected versions

2.*

2.1.0-2.1

2.1.0-2.1ubuntu0.1

2.1.2-1.1+deb9u2build0.1

2.1.2-1.1+deb9u3build0.16.04.1

2.1.2-1.1+deb9u5build0.16.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libopenjpip-dec-server-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-tools": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip7": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-7-dev-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-7": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-tools-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-7-dbg": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip-server": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-7-dev": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip-server-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp3d7-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp3d7": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp2-7-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp3d-tools-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip7-dbgsym": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip-dec-server": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjp3d-tools": "2.1.2-1.1+deb9u6build0.16.04.1",
            "libopenjpip-viewer": "2.1.2-1.1+deb9u6build0.16.04.1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / blender

Package

Name: blender

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.74+dfsg0-4build2

2.75.a+dfsg0-2ubuntu2

2.75.a+dfsg0-2ubuntu3

2.76.b+dfsg0-3

2.76.b+dfsg0-3build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / insighttoolkit4

Package

Name: insighttoolkit4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.8.1-1ubuntu3

4.8.1-1ubuntu4

4.8.2-3.1ubuntu1

4.9.0-3ubuntu2

4.9.0-4ubuntu1

4.9.0-4ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / texmaker

Package

Name: texmaker

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.1-1

4.4.1-1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.3.0-2+deb10u2build0.18.04.1?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.0-2+deb10u2build0.18.04.1

Affected versions

2.*

2.2.0-1

2.3.0-1

2.3.0-2build0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libopenjpip-dec-server-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp2-tools": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip7": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp2-7": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp2-tools-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp2-7-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip-server": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp2-7-dev": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip-server-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp3d7-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp3d7": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp3d-tools-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip7-dbgsym": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip-dec-server": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjp3d-tools": "2.3.0-2+deb10u2build0.18.04.1",
            "libopenjpip-viewer": "2.3.0-2+deb10u2build0.18.04.1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / blender

Package

Name: blender

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.78.c+dfsg0-2build1

2.79+dfsg0-2build1

2.79+dfsg0-3

2.79+dfsg0-3build1

2.79.b+dfsg0-1

2.79.b+dfsg0-1ubuntu1.18.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / insighttoolkit4

Package

Name: insighttoolkit4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.12.2-dfsg1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.1+dfsg-4

5.9.1+dfsg-4ubuntu1

5.9.2+dfsg-2ubuntu1

5.9.3+dfsg-0ubuntu1

5.9.4+dfsg-0ubuntu1

5.9.5+dfsg-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / texmaker

Package

Name: texmaker

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5-1

5.*

5.0.2-1

5.0.2-1build1

5.0.2-1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / blender

Package

Name: blender

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.80+dfsg-3

2.80+dfsg-3build1

2.80+dfsg-4

2.81.a+dfsg-5build3

2.82+dfsg-1

2.82+dfsg-1build1

2.82.a+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / insighttoolkit4

Package

Name: insighttoolkit4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.12.2-dfsg1-4.1ubuntu1

4.13.2-dfsg1-1ubuntu1

4.13.2-dfsg1-4ubuntu1

4.13.2-dfsg1-6

4.13.2-dfsg1-6ubuntu1

4.13.2-dfsg1-8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.3.1-1ubuntu4.20.04.1?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.1-1ubuntu4.20.04.1

Affected versions

2.*

2.3.0-2

2.3.0-2build1

2.3.1-1

2.3.1-1ubuntu3

2.3.1-1ubuntu4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libopenjpip-dec-server-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp2-tools": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip7": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp2-7": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp2-tools-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp2-7-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip-server": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp2-7-dev": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip-server-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp3d7-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp3d7": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp3d-tools-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip7-dbgsym": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip-dec-server": "2.3.1-1ubuntu4.20.04.1",
            "libopenjp3d-tools": "2.3.1-1ubuntu4.20.04.1",
            "libopenjpip-viewer": "2.3.1-1ubuntu4.20.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-1ubuntu1

5.12.4+dfsg-1ubuntu3

5.12.5+dfsg-3ubuntu1

5.12.5+dfsg-6ubuntu2

5.12.5+dfsg-7

5.12.5+dfsg-7build1

5.12.8+dfsg-0ubuntu1

5.12.8+dfsg-0ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / texmaker

Package

Name: texmaker

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.3-1build2

5.0.3-1build3

5.0.3-1build4

5.0.3-1build5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / blender

Package

Name: blender

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.93.3+dfsg-3

2.93.5+dfsg-1

2.93.5+dfsg-1build1

3.*

3.0.1+dfsg-7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / insighttoolkit4

Package

Name: insighttoolkit4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.13.3withdata-dfsg1-4.1

4.13.3withdata-dfsg2-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/ubuntu/openjpeg2@2.3.1-1ubuntu5?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.1-1ubuntu5

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libopenjpip-dec-server-dbgsym": "2.3.1-1ubuntu5",
            "libopenjp2-tools": "2.3.1-1ubuntu5",
            "libopenjpip7": "2.3.1-1ubuntu5",
            "libopenjp2-7": "2.3.1-1ubuntu5",
            "libopenjp2-tools-dbgsym": "2.3.1-1ubuntu5",
            "libopenjp2-7-dbgsym": "2.3.1-1ubuntu5",
            "libopenjpip-server": "2.3.1-1ubuntu5",
            "libopenjp2-7-dev": "2.3.1-1ubuntu5",
            "libopenjpip-server-dbgsym": "2.3.1-1ubuntu5",
            "libopenjp3d7-dbgsym": "2.3.1-1ubuntu5",
            "libopenjp3d7": "2.3.1-1ubuntu5",
            "libopenjp3d-tools-dbgsym": "2.3.1-1ubuntu5",
            "libopenjpip7-dbgsym": "2.3.1-1ubuntu5",
            "libopenjpip-dec-server": "2.3.1-1ubuntu5",
            "libopenjp3d-tools": "2.3.1-1ubuntu5",
            "libopenjpip-viewer": "2.3.1-1ubuntu5"
        }
    ]
}

Ubuntu:22.04:LTS / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.6+dfsg-1

5.15.6+dfsg-2

5.15.7+dfsg-2

5.15.8+dfsg-1

5.15.8+dfsg-1build1

5.15.8+dfsg-1build2

5.15.8+dfsg-2

5.15.9+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / texmaker

Package

Name: texmaker

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.3-1build8

5.0.3-1build9

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / blender

Package

Name: blender

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2+dfsg-2ubuntu1

3.6.2+dfsg-2ubuntu2

4.*

4.0.2+dfsg-1ubuntu1

4.0.2+dfsg-1ubuntu2

4.0.2+dfsg-1ubuntu4

4.0.2+dfsg-1ubuntu6

4.0.2+dfsg-1ubuntu7

4.0.2+dfsg-1ubuntu8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.15+dfsg-2

5.15.15+dfsg-2build2

5.15.15+dfsg-2ubuntu1

5.15.16+dfsg-1

5.15.16+dfsg-1ubuntu2

5.15.16+dfsg-1ubuntu4

5.15.16+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / texmaker

Package

Name: texmaker

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.1.3+dfsg-1build4

5.1.3+dfsg-1build5

5.1.3+dfsg-1build6

5.1.3+dfsg-1build7

5.1.3+dfsg-1build8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}