CVE-2020-27823 in Ubuntu

CVE-2020-27823

Priority

Description

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to
pass specially crafted x,y offset input to OpenJPEG to use during encoding.
The highest threat from this vulnerability is to confidentiality,
integrity, as well as system availability.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27823
https://ubuntu.com/security/notices/USN-4685-1
https://ubuntu.com/security/notices/USN-4880-1

Bugs

https://github.com/uclouvain/openjpeg/issues/1284

Notes

Package

Source: blender (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needs-triage
Ubuntu 20.04 LTS:	needs-triage
Ubuntu 21.10:	needs-triage
Ubuntu 22.04 LTS:	needs-triage
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: ghostscript (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (code not compiled)
Ubuntu 20.04 LTS:	not-affected (uses system openjpeg2)
Ubuntu 21.10:	not-affected (uses system openjpeg2)
Ubuntu 16.04 ESM:	not-affected (code not compiled)
Ubuntu 22.04 LTS:	not-affected (uses system openjpeg2)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: insighttoolkit4 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needs-triage
Ubuntu 20.04 LTS:	needs-triage
Ubuntu 21.10:	needs-triage
Ubuntu 22.04 LTS:	needs-triage
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: openjpeg (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	needs-triage

Patches:

Package

Source: openjpeg2 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needs-triage
Ubuntu 20.04 LTS:	released (2.3.1-1ubuntu4.20.04.1)
Ubuntu 21.10:	released (2.3.1-1ubuntu5)
Ubuntu 22.04 LTS:	released (2.3.1-1ubuntu5)
Ubuntu 14.04 ESM:	DNE

Patches:

Upstream:

https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919

Package

Source: qtwebengine-opensource-src (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needs-triage
Ubuntu 20.04 LTS:	needs-triage
Ubuntu 21.10:	needs-triage
Ubuntu 22.04 LTS:	needs-triage
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: texmaker (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needs-triage
Ubuntu 20.04 LTS:	needs-triage
Ubuntu 21.10:	needs-triage
Ubuntu 22.04 LTS:	needs-triage
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-25 00:49:24 UTC (commit ecc1009cb19540b950de59270950018900f37f15)