VYPR
Unrated severity · NVD Advisory · Published Jan 5, 2021 · Updated Aug 4, 2024

CVE-2020-27845

Description

Heap-based buffer overflow in OpenJPEG prior to 2.4.0 allows an out-of-bounds read via crafted input, impacting availability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A flaw exists in src/lib/openjp2/pi.c of OpenJPEG in versions prior to 2.4.0. The functions opj_pi_next_rlcp, opj_pi_next_rpcl, and opj_pi_next_lrcp contain a heap-based buffer overflow that leads to an out-of-bounds read. The issue is reachable when an attacker provides untrusted input to OpenJPEG's conversion or encoding functionality [1][3].

Exploitation

An attacker must supply crafted, untrusted data to an application using OpenJPEG for JPEG 2000 encoding or conversion. No special authentication or network position beyond the ability to submit the malicious input is required. The vulnerable code path is triggered during packet iterator processing, causing a read beyond the allocated heap buffer [1].

Impact

Successful exploitation results in an out-of-bounds read, which can cause a crash (denial of service) and may lead to information disclosure. According to Red Hat, the highest impact is to availability; confidentiality and integrity are not directly compromised [1].

Mitigation

The flaw is fixed in OpenJPEG version 2.4.0, released on 2020-12-07 [3]. Users should upgrade to 2.4.0 or later. No workaround is available. Gentoo users can emerge the updated package [3].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 50

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Missing bounds validation in packet iteration functions allows an out-of-bounds heap read when processing crafted image input."

Attack vector

An attacker provides a crafted, untrusted input image to OpenJPEG's conversion or encoding functionality. The lack of proper bounds checking in the packet iteration functions allows the processing of malformed tile-part or packet headers to read beyond the allocated heap buffer [1]. This out-of-bounds read can lead to a crash, impacting application availability.

Affected code

The flaw resides in `src/lib/openjp2/pi.c` of OpenJPEG, specifically in the functions `opj_pi_next_rlcp`, `opj_pi_next_rpcl`, and `opj_pi_next_lrcp` [1]. These functions are part of the packet iteration logic used during conversion/encoding.

What the fix does

The advisory does not include a patch diff, but the fix in OpenJPEG 2.4.0 adds bounds checks to the packet iteration loops in `pi.c` to prevent reading past the end of allocated buffers. By validating packet indices and progression parameters before dereferencing pointers, the patch ensures that malformed input cannot trigger an out-of-bounds read.
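The kind of check described above, as an added example that is not OpenJPEG's code or the actual patch: a simplified, hypothetical packet iterator whose flag buffer is sized from the declared dimensions while the loop bounds can come from input, with the computed index validated before the buffer is touched. The `pkt_iter` struct, its fields and both functions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified, hypothetical model of a packet iterator; NOT OpenJPEG's pi.c. */
typedef struct {
    uint32_t layers, resolutions, comps; /* dimensions the buffer was sized for */
    uint32_t lay_end, res_end, comp_end; /* progression bounds, may come from input */
    uint8_t *include;                    /* one "already emitted" flag per packet */
    size_t   include_size;               /* number of flags actually allocated */
} pkt_iter;

/* Allocate the flag buffer from the declared dimensions. */
static int pkt_iter_init(pkt_iter *pi, uint32_t l, uint32_t r, uint32_t c) {
    pi->layers = l; pi->resolutions = r; pi->comps = c;
    pi->lay_end = l; pi->res_end = r; pi->comp_end = c;
    pi->include_size = (size_t)l * r * c;
    pi->include = calloc(pi->include_size ? pi->include_size : 1, 1);
    return pi->include ? 0 : -1;
}

/* Walk layer -> resolution -> component. Returns the number of packets
 * visited, or -1 when a progression bound would index outside include[]. */
static long pkt_iter_walk_lrc(pkt_iter *pi) {
    long visited = 0;
    for (uint32_t l = 0; l < pi->lay_end; l++)
        for (uint32_t r = 0; r < pi->res_end; r++)
            for (uint32_t c = 0; c < pi->comp_end; c++) {
                size_t index = ((size_t)l * pi->resolutions + r) * pi->comps + c;
                if (index >= pi->include_size) /* validate before dereferencing */
                    return -1;                 /* reject the malformed progression */
                if (!pi->include[index]) {
                    pi->include[index] = 1;
                    visited++;
                }
            }
    return visited;
}

int main(void) {
    pkt_iter pi;
    if (pkt_iter_init(&pi, 2, 3, 3) != 0) return 1;
    printf("declared bounds: %ld\n", pkt_iter_walk_lrc(&pi));
    pi.lay_end = 3; /* constructed input: one layer more than was allocated */
    printf("oversized bound: %ld\n", pkt_iter_walk_lrc(&pi));
    free(pi.include);
    return 0;
}
```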

Preconditions

  • input: The attacker must supply a crafted image file to OpenJPEG's encoding or conversion API.
  • auth: No authentication is required; the attack is triggered purely by processing untrusted input.

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 7
