VYPR
Unrated severity · NVD Advisory · Published May 13, 2021 · Updated Aug 4, 2024

CVE-2020-27823

Description

A heap-buffer-overflow write in OpenJPEG's encoder via crafted x,y offset inputs can allow denial of service or information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A flaw in OpenJPEG's encoder allows an attacker to pass specially crafted x,y offset input values to the opj_tcd_dc_level_shift_encode() function, leading to a heap-buffer-overflow write. The vulnerability exists in OpenJPEG versions prior to the fix committed for this CVE. The code path is reachable when the library is used to encode untrusted image files, specifically during image conversion operations [1].

Exploitation

An attacker needs only to supply a crafted image with malicious x,y offset parameters to an application using OpenJPEG for encoding. No authentication or special network position is required; the attack can be carried out by convincing a user to convert a malicious image file with OpenJPEG or by feeding the crafted input directly to the library. The trigger occurs during the encoding process in the opj_tcd_dc_level_shift_encode() function, resulting in a heap-buffer-overflow write [1].

Impact

Successful exploitation could lead to a denial of service (crash) and potentially information disclosure or arbitrary code execution, depending on the context. The highest threat is to confidentiality, integrity, and system availability. An attacker may corrupt heap memory, possibly leading to further compromise of the application or system [1].

Mitigation

Red Hat has rated this flaw as Moderate severity. The primary mitigation is to avoid using OpenJPEG to convert untrusted image files. Patches have been committed upstream, and updates are available through affected distributions such as Fedora and EPEL. Users should update to the latest fixed OpenJPEG package (e.g., openjpeg2) from their distribution's package repositories, as tracked in the bug reports [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

64

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

5
