UBUNTU-CVE-2020-27823

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2020-27823
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-27823.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-27823
Upstream
Downstream
Related
Published
2020-12-09T00:00:00Z
Modified
2025-07-14T07:15:12.925078Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

Affected packages

Ubuntu:16.04:LTS / openjpeg2

Package

Name
openjpeg2
Purl
pkg:deb/ubuntu/openjpeg2@2.1.2-1.1+deb9u6build0.16.04.1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2-1.1+deb9u6build0.16.04.1

Affected versions

2.*

2.1.0-2.1
2.1.0-2.1ubuntu0.1
2.1.2-1.1+deb9u2build0.1
2.1.2-1.1+deb9u3build0.16.04.1
2.1.2-1.1+deb9u5build0.16.04.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-7"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-7-dbg"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-7-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-7-dev"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-7-dev-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-tools"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp2-tools-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp3d-tools"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp3d-tools-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp3d7"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjp3d7-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip-dec-server"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip-dec-server-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip-server"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip-server-dbgsym"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip-viewer"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip7"
        },
        {
            "binary_version": "2.1.2-1.1+deb9u6build0.16.04.1",
            "binary_name": "libopenjpip7-dbgsym"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:Pro:16.04:LTS / blender

Package

Name
blender
Purl
pkg:deb/ubuntu/blender@2.76.b+dfsg0-3build1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.74+dfsg0-4build2
2.75.a+dfsg0-2ubuntu2
2.75.a+dfsg0-2ubuntu3
2.76.b+dfsg0-3
2.76.b+dfsg0-3build1

Ubuntu:Pro:16.04:LTS / insighttoolkit4

Package

Name
insighttoolkit4
Purl
pkg:deb/ubuntu/insighttoolkit4@4.9.0-4ubuntu1.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.8.1-1ubuntu3
4.8.1-1ubuntu4
4.8.2-3.1ubuntu1
4.9.0-3ubuntu2
4.9.0-4ubuntu1
4.9.0-4ubuntu1.1

Ubuntu:Pro:16.04:LTS / texmaker

Package

Name
texmaker
Purl
pkg:deb/ubuntu/texmaker@4.4.1-1.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.1-1
4.4.1-1.1

Ubuntu:18.04:LTS / openjpeg2

Package

Name
openjpeg2
Purl
pkg:deb/ubuntu/openjpeg2@2.3.0-2+deb10u2build0.18.04.1?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.0-2+deb10u2build0.18.04.1

Affected versions

2.*

2.2.0-1
2.3.0-1
2.3.0-2build0.18.04.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp2-7"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp2-7-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp2-7-dev"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp2-tools"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp2-tools-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp3d-tools"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp3d-tools-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp3d7"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjp3d7-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip-dec-server"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip-dec-server-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip-server"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip-server-dbgsym"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip-viewer"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip7"
        },
        {
            "binary_version": "2.3.0-2+deb10u2build0.18.04.1",
            "binary_name": "libopenjpip7-dbgsym"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:Pro:18.04:LTS / blender

Package

Name
blender
Purl
pkg:deb/ubuntu/blender@2.79.b+dfsg0-1ubuntu1.18.04.1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.78.c+dfsg0-2build1
2.79+dfsg0-2build1
2.79+dfsg0-3
2.79+dfsg0-3build1
2.79.b+dfsg0-1
2.79.b+dfsg0-1ubuntu1.18.04.1

Ubuntu:Pro:18.04:LTS / insighttoolkit4

Package

Name
insighttoolkit4
Purl
pkg:deb/ubuntu/insighttoolkit4@4.12.2-dfsg1-1ubuntu1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.12.2-dfsg1-1ubuntu1

Ubuntu:Pro:18.04:LTS / qtwebengine-opensource-src

Package

Name
qtwebengine-opensource-src
Purl
pkg:deb/ubuntu/qtwebengine-opensource-src@5.9.5+dfsg-0ubuntu2?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.1+dfsg-4
5.9.1+dfsg-4ubuntu1
5.9.2+dfsg-2ubuntu1
5.9.3+dfsg-0ubuntu1
5.9.4+dfsg-0ubuntu1
5.9.5+dfsg-0ubuntu2

Ubuntu:Pro:18.04:LTS / texmaker

Package

Name
texmaker
Purl
pkg:deb/ubuntu/texmaker@5.0.2-1build2?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5-1

5.*

5.0.2-1
5.0.2-1build1
5.0.2-1build2

Ubuntu:20.04:LTS / openjpeg2

Package

Name
openjpeg2
Purl
pkg:deb/ubuntu/openjpeg2@2.3.1-1ubuntu4.20.04.1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.1-1ubuntu4.20.04.1

Affected versions

2.*

2.3.0-2
2.3.0-2build1
2.3.1-1
2.3.1-1ubuntu3
2.3.1-1ubuntu4

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp2-7"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp2-7-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp2-7-dev"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp2-tools"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp2-tools-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp3d-tools"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp3d-tools-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp3d7"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjp3d7-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip-dec-server"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip-dec-server-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip-server"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip-server-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip-viewer"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip7"
        },
        {
            "binary_version": "2.3.1-1ubuntu4.20.04.1",
            "binary_name": "libopenjpip7-dbgsym"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:Pro:20.04:LTS / blender

Package

Name
blender
Purl
pkg:deb/ubuntu/blender@2.82.a+dfsg-1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.80+dfsg-3
2.80+dfsg-3build1
2.80+dfsg-4
2.81.a+dfsg-5build3
2.82+dfsg-1
2.82+dfsg-1build1
2.82.a+dfsg-1

Ubuntu:Pro:20.04:LTS / insighttoolkit4

Package

Name
insighttoolkit4
Purl
pkg:deb/ubuntu/insighttoolkit4@4.13.2-dfsg1-8?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.12.2-dfsg1-4.1ubuntu1
4.13.2-dfsg1-1ubuntu1
4.13.2-dfsg1-4ubuntu1
4.13.2-dfsg1-6
4.13.2-dfsg1-6ubuntu1
4.13.2-dfsg1-8

Ubuntu:Pro:20.04:LTS / qtwebengine-opensource-src

Package

Name
qtwebengine-opensource-src
Purl
pkg:deb/ubuntu/qtwebengine-opensource-src@5.12.8+dfsg-0ubuntu1.1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-1ubuntu1
5.12.4+dfsg-1ubuntu3
5.12.5+dfsg-3ubuntu1
5.12.5+dfsg-6ubuntu2
5.12.5+dfsg-7
5.12.5+dfsg-7build1
5.12.8+dfsg-0ubuntu1
5.12.8+dfsg-0ubuntu1.1

Ubuntu:Pro:20.04:LTS / texmaker

Package

Name
texmaker
Purl
pkg:deb/ubuntu/texmaker@5.0.3-1build5?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.3-1build2
5.0.3-1build3
5.0.3-1build4
5.0.3-1build5

Ubuntu:22.04:LTS / blender

Package

Name
blender
Purl
pkg:deb/ubuntu/blender@3.0.1+dfsg-7?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.93.3+dfsg-3
2.93.5+dfsg-1
2.93.5+dfsg-1build1

3.*

3.0.1+dfsg-7

Ubuntu:22.04:LTS / insighttoolkit4

Package

Name
insighttoolkit4
Purl
pkg:deb/ubuntu/insighttoolkit4@4.13.3withdata-dfsg2-1ubuntu1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.13.3withdata-dfsg1-4.1
4.13.3withdata-dfsg2-1ubuntu1

Ubuntu:22.04:LTS / openjpeg2

Package

Name
openjpeg2
Purl
pkg:deb/ubuntu/openjpeg2@2.3.1-1ubuntu5?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.1-1ubuntu5

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp2-7"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp2-7-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp2-7-dev"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp2-tools"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp2-tools-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp3d-tools"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp3d-tools-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp3d7"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjp3d7-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip-dec-server"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip-dec-server-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip-server"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip-server-dbgsym"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip-viewer"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip7"
        },
        {
            "binary_version": "2.3.1-1ubuntu5",
            "binary_name": "libopenjpip7-dbgsym"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:22.04:LTS / qtwebengine-opensource-src

Package

Name
qtwebengine-opensource-src
Purl
pkg:deb/ubuntu/qtwebengine-opensource-src@5.15.9+dfsg-1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.6+dfsg-1
5.15.6+dfsg-2
5.15.7+dfsg-2
5.15.8+dfsg-1
5.15.8+dfsg-1build1
5.15.8+dfsg-1build2
5.15.8+dfsg-2
5.15.9+dfsg-1

Ubuntu:22.04:LTS / texmaker

Package

Name
texmaker
Purl
pkg:deb/ubuntu/texmaker@5.0.3-1build9?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.3-1build8
5.0.3-1build9

Ubuntu:24.04:LTS / blender

Package

Name
blender
Purl
pkg:deb/ubuntu/blender@4.0.2+dfsg-1ubuntu8?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2+dfsg-2ubuntu1
3.6.2+dfsg-2ubuntu2

4.*

4.0.2+dfsg-1ubuntu1
4.0.2+dfsg-1ubuntu2
4.0.2+dfsg-1ubuntu4
4.0.2+dfsg-1ubuntu6
4.0.2+dfsg-1ubuntu7
4.0.2+dfsg-1ubuntu8

Ubuntu:24.04:LTS / qtwebengine-opensource-src

Package

Name
qtwebengine-opensource-src
Purl
pkg:deb/ubuntu/qtwebengine-opensource-src@5.15.16+dfsg-3?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.15+dfsg-2
5.15.15+dfsg-2build2
5.15.15+dfsg-2ubuntu1
5.15.16+dfsg-1
5.15.16+dfsg-1ubuntu2
5.15.16+dfsg-1ubuntu4
5.15.16+dfsg-3

Ubuntu:24.04:LTS / texmaker

Package

Name
texmaker
Purl
pkg:deb/ubuntu/texmaker@5.1.3+dfsg-1build8?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.1.3+dfsg-1build4
5.1.3+dfsg-1build5
5.1.3+dfsg-1build6
5.1.3+dfsg-1build7
5.1.3+dfsg-1build8

Ubuntu:25.04 / blender

Package

Name
blender
Purl
pkg:deb/ubuntu/blender@4.3.2+dfsg-2?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2.1+dfsg-1
4.2.3+dfsg-3
4.3.0+dfsg-1ubuntu1
4.3.0+dfsg-1ubuntu3
4.3.2+dfsg-1ubuntu1
4.3.2+dfsg-2

Ubuntu:25.04 / qtwebengine-opensource-src

Package

Name
qtwebengine-opensource-src
Purl
pkg:deb/ubuntu/qtwebengine-opensource-src@5.15.18+dfsg-2?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.17+dfsg-4
5.15.17+dfsg-5
5.15.17+dfsg2-1
5.15.17+dfsg2-2
5.15.17+dfsg2-3
5.15.18+dfsg-1
5.15.18+dfsg-2

Ubuntu:25.04 / texmaker

Package

Name
texmaker
Purl
pkg:deb/ubuntu/texmaker@5.1.3+dfsg-3?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.1.3+dfsg-2build1
5.1.3+dfsg-3