CVE-2020-27841 in Ubuntu

CVE-2020-27841

Priority

Description

There's a flaw in openjpeg in versions prior to 2.4.0 in
src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to
be processed by the openjpeg encoder, this could cause an out-of-bounds
read. The greatest impact from this flaw is to application availability.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27841
https://ubuntu.com/security/notices/USN-4685-1
https://ubuntu.com/security/notices/USN-4686-1
https://ubuntu.com/security/notices/USN-4880-1

Bugs

https://github.com/uclouvain/openjpeg/issues/1293

Notes

Package

Source: blender (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (code not present)
Ubuntu 20.04 LTS:	not-affected (code not present)
Ubuntu 21.10:	not-affected (code not present)
Ubuntu 22.04 LTS:	not-affected (code not present)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: ghostscript (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (9.26~dfsg+0-0ubuntu0.18.04.14)
Ubuntu 20.04 LTS:	not-affected (uses system openjpeg2)
Ubuntu 21.10:	not-affected (uses system openjpeg2)
Ubuntu 16.04 ESM:	released (9.26~dfsg+0-0ubuntu0.16.04.14)
Ubuntu 22.04 LTS:	not-affected (uses system openjpeg2)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: insighttoolkit4 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (code not present)
Ubuntu 20.04 LTS:	not-affected (code not present)
Ubuntu 21.10:	not-affected (code not present)
Ubuntu 22.04 LTS:	not-affected (code not present)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: openjpeg (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	needs-triage

Patches:

Package

Source: openjpeg2 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needed
Ubuntu 20.04 LTS:	released (2.3.1-1ubuntu4.20.04.1)
Ubuntu 21.10:	released (2.3.1-1ubuntu5)
Ubuntu 22.04 LTS:	released (2.3.1-1ubuntu5)
Ubuntu 14.04 ESM:	DNE

Patches:

Upstream:

https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce

Package

Source: qtwebengine-opensource-src (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needs-triage
Ubuntu 20.04 LTS:	needs-triage
Ubuntu 21.10:	needs-triage
Ubuntu 22.04 LTS:	needs-triage
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: texmaker (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (code not present)
Ubuntu 20.04 LTS:	not-affected (code not present)
Ubuntu 21.10:	not-affected (code not present)
Ubuntu 22.04 LTS:	not-affected (code not present)
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-25 00:49:26 UTC (commit ecc1009cb19540b950de59270950018900f37f15)