CVE-2020-27844

7.8 HIGH

📋 TL;DR

CVE-2020-27844 is an out-of-bounds write vulnerability in OpenJPEG's t2.c file that allows attackers to compromise confidentiality, integrity, and availability by providing crafted input during image conversion/encoding. This affects any system using OpenJPEG versions before 2.4.0 for processing JPEG2000 images. Applications that parse untrusted JPEG2000 files are particularly vulnerable.

💻 Affected Systems

Products:
  • OpenJPEG
  • Applications using OpenJPEG library (e.g., image viewers, converters, document processors)
Versions: All versions before 2.4.0
Operating Systems: Linux, Windows, macOS, BSD - any OS with vulnerable OpenJPEG
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing specially crafted JPEG2000 images

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or service disruption

🟠 Likely Case: Application crash (denial of service) or limited memory corruption

🟢 If Mitigated: Contained crash of the OpenJPEG process without system-wide impact

🌐 Internet-Facing: HIGH if processing user-uploaded JPEG2000 images
🏢 Internal Only: MEDIUM for internal image processing systems

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof-of-concept available in Red Hat Bugzilla; exploitation requires feeding malicious JPEG2000 files

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenJPEG 2.4.0 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1907521

Restart Required: Yes

Instructions:

  1. Update OpenJPEG to version 2.4.0 or later.
  2. For Linux distributions: Use package manager (apt/yum/dnf) to update libopenjp2 package.
  3. Rebuild any applications statically linked to OpenJPEG.
  4. Restart affected services.

🔧 Temporary Workarounds

Disable JPEG2000 processing (all platforms): Configure applications to reject or not process JPEG2000 image formats

Input validation (all platforms): Implement strict file type validation before passing to OpenJPEG
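
One way to implement the two workarounds above, as an added example (not code from OpenJPEG or from this advisory): identify JPEG 2000 content by its leading bytes rather than by file extension, so it can be rejected before it reaches the library. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Fixed leading bytes defined by the JPEG 2000 formats (ISO/IEC 15444).
JP2_SIGNATURE_BOX = bytes.fromhex("0000000c6a5020200d0a870a")  # 'jP  ' signature box
J2K_CODESTREAM = bytes.fromhex("ff4fff51")  # SOC marker followed by SIZ marker
JP2_FAMILY_BRANDS = {b"jp2 ", b"jpx ", b"jpm ", b"mjp2"}


def classify_jpeg2000(head: bytes):
    """Return a label if `head` (the first bytes of a file) is JPEG 2000, else None."""
    if head.startswith(J2K_CODESTREAM):
        return "j2k-codestream"
    if not head.startswith(JP2_SIGNATURE_BOX):
        return None
    # A File Type box should follow: 4-byte length, 'ftyp', 4-byte brand.
    ftyp = head[12:24]
    if len(ftyp) == 12:
        _length, box_type, brand = struct.unpack(">I4s4s", ftyp)
        if box_type == b"ftyp" and brand in JP2_FAMILY_BRANDS:
            return "jp2-family:" + brand.decode("ascii").strip()
    # Signature matched but ftyp is missing or unexpected: still treat as JPEG 2000.
    return "jp2-family:unknown"


def screen_upload(filename: str, data: bytes):
    """Return (allowed, reason). The decision uses content only; the
    filename is attacker-controlled and appears only in the log message."""
    kind = classify_jpeg2000(data[:24])
    if kind:
        return False, f"{filename}: rejected, content is JPEG 2000 ({kind})"
    return True, f"{filename}: not JPEG 2000, pass to the next validator"


# Constructed sample inputs (leading bytes only, not real images).
SAMPLES = {
    "scan.jp2": JP2_SIGNATURE_BOX + struct.pack(">I4s4s", 20, b"ftyp", b"jp2 "),
    "renamed.png": J2K_CODESTREAM + b"\x00\x29",  # codestream behind a .png name
    "real.png": b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR",
    "truncated.jp2": JP2_SIGNATURE_BOX + b"\x00\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(screen_upload(name, blob)[1])
```

This screens by content type only; it does not establish that a JPEG 2000 file is safe to process, so it belongs in front of an unpatched library as a stopgap rather than in place of the update.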

🧯 If You Can't Patch

  • Isolate OpenJPEG usage to dedicated, restricted containers/VMs
  • Implement network segmentation and strict access controls for systems using OpenJPEG

🔍 How to Verify

Check if Vulnerable:

Check OpenJPEG version: openjp2 --version or dpkg -l | grep libopenjp2 or rpm -q openjpeg2

Check Version:

openjp2 --version 2>/dev/null || dpkg -l 'libopenjp2*' 2>/dev/null || rpm -q openjpeg2 2>/dev/null

Verify Fix Applied:

Confirm version is 2.4.0 or higher and test with known malicious JPEG2000 samples

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults in OpenJPEG functions
  • Unexpected process termination when processing image files

Network Indicators:

  • Unusual uploads of JPEG2000 files to web applications
  • Exploitation attempts via image upload endpoints

SIEM Query:

process_name:"openjp2" AND (event_type:crash OR exit_code:139)
