{"id":"USN-5952-1","summary":"openjpeg2 vulnerabilities","details":"Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs.\nIf a user or an automated system were tricked into opening a specially crafted\ninput file, a remote attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. This issue only affected Ubuntu 18.04\nLTS. (CVE-2020-6851, CVE-2020-8112)\n\nIt was discovered that OpenJPEG incorrectly handled certain inputs. If a user\nor an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.\n(CVE-2020-15389, CVE-2020-27814, CVE-2020-27823, CVE-2020-27824,\nCVE-2020-27841, CVE-2020-27845)\n\nIt was discovered that OpenJPEG incorrectly handled certain inputs. If a user\nor an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to cause a denial of\nservice. (CVE-2020-27842, CVE-2020-27843)\n","modified":"2026-04-27T16:47:19.544790039Z","published":"2023-03-15T11:56:14Z","related":["UBUNTU-CVE-2020-15389","UBUNTU-CVE-2020-27814","UBUNTU-CVE-2020-27823","UBUNTU-CVE-2020-27824","UBUNTU-CVE-2020-27841","UBUNTU-CVE-2020-27842","UBUNTU-CVE-2020-27843","UBUNTU-CVE-2020-27845","UBUNTU-CVE-2020-6851","UBUNTU-CVE-2020-8112"],"upstream":["CVE-2020-15389","CVE-2020-27814","CVE-2020-27823","CVE-2020-27824","CVE-2020-27841","CVE-2020-27842","CVE-2020-27843","CVE-2020-27845","CVE-2020-6851","CVE-2020-8112","UBUNTU-CVE-2020-15389","UBUNTU-CVE-2020-27814","UBUNTU-CVE-2020-27823","UBUNTU-CVE-2020-27824","UBUNTU-CVE-2020-27841","UBUNTU-CVE-2020-27842","UBUNTU-CVE-2020-27843","UBUNTU-CVE-2020-27845","UBUNTU-CVE-2020-6851","UBUNTU-CVE-2020-8112"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5952-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-6851"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-8112"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-15389"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27814"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27823"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27824"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27841"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27842"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27843"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27845"}],"affected":[{"package":{"name":"openjpeg2","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/openjpeg2@2.1.2-1.1+deb9u6ubuntu0.1~esm3?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.2-1.1+deb9u6ubuntu0.1~esm3"}]}],"versions":["2.1.0-2.1","2.1.0-2.1ubuntu0.1","2.1.2-1.1+deb9u2build0.1","2.1.2-1.1+deb9u3build0.16.04.1","2.1.2-1.1+deb9u3ubuntu0.1~esm1","2.1.2-1.1+deb9u5build0.16.04.1","2.1.2-1.1+deb9u5ubuntu0.1~esm1","2.1.2-1.1+deb9u6build0.16.04.1","2.1.2-1.1+deb9u6ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.1.2-1.1+deb9u6ubuntu0.1~esm3","binary_name":"libopenjp2-7"},{"binary_version":"2.1.2-1.1+deb9u6ubuntu0.1~esm3","binary_name":"libopenjp2-tools"},{"binary_version":"2.1.2-1.1+deb9u6ubuntu0.1~esm3","binary_name":"libopenjp3d-tools"},{"binary_version":"2.1.2-1.1+deb9u6ubuntu0.1~esm3","binary_name":"libopenjp3d7"},{"binary_version":"2.1.2-1.1+deb9u6ubuntu0.1~esm3","binary_name":"libopenjpip-dec-server"},{"binary_version":"2.1.2-1.1+deb9u6ubuntu0.1~esm3","binary_name":"libopenjpip-server"},{"binary_version":"2.1.2-1.1+deb9u6ubuntu0.1~esm3","binary_name":"libopenjpip-viewer"},{"binary_version":"2.1.2-1.1+deb9u6ubuntu0.1~esm3","binary_name":"libopenjpip7"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5952-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"id":"CVE-2020-27842","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-27843","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}]}}},{"package":{"name":"openjpeg2","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/openjpeg2@2.3.0-2+deb10u2build0.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.0-2+deb10u2build0.18.04.1"}]}],"versions":["2.2.0-1","2.3.0-1","2.3.0-2build0.18.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.3.0-2+deb10u2build0.18.04.1","binary_name":"libopenjp2-7"},{"binary_version":"2.3.0-2+deb10u2build0.18.04.1","binary_name":"libopenjp2-tools"},{"binary_version":"2.3.0-2+deb10u2build0.18.04.1","binary_name":"libopenjp3d-tools"},{"binary_version":"2.3.0-2+deb10u2build0.18.04.1","binary_name":"libopenjp3d7"},{"binary_version":"2.3.0-2+deb10u2build0.18.04.1","binary_name":"libopenjpip-dec-server"},{"binary_version":"2.3.0-2+deb10u2build0.18.04.1","binary_name":"libopenjpip-server"},{"binary_version":"2.3.0-2+deb10u2build0.18.04.1","binary_name":"libopenjpip-viewer"},{"binary_version":"2.3.0-2+deb10u2build0.18.04.1","binary_name":"libopenjpip7"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5952-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2020-6851","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-8112","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-15389","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2020-27814","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-27823","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-27824","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-27841","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2020-27842","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-27845","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.5"}