VDB
ALPINE-CVE-2020-27814
ALPINE-CVE-2020-27814
PUBLISHED
CVSS 7.800000190734863 HIGH
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.11 | openjpeg | 0, 1.5.0-r1, 1.5.0-r2 |
| Alpine:v3.14 | openjpeg | 2.3.0-r2, 2.3.0-r1, 2.2.0-r3 |
| Alpine:v3.23 | openjpeg | 0, 2.3.1-r5, 2.3.1-r4 |
| Alpine:v3.12 | openjpeg | 0, 2.3.1-r5, 1.3-r0 |
| Alpine:v3.15 | openjpeg | 2.3.1-r5, 1.3-r0, 1.3-r1 |
| Alpine:v3.13 | openjpeg | 2.1.0-r1, 2.3.1-r5, 2.3.1-r4 |
| Alpine:v3.19 | openjpeg | 0, 2.3.1-r3, 2.3.1-r5 |
| Alpine:v3.21 | openjpeg | 2.3.1-r5, 0, 1.5.0-r1 |
| Alpine:v3.18 | openjpeg | 2.1.2-r1, 0, 1.3-r1 |
| Alpine:v3.22 | openjpeg | 2.2.0-r0, 2.2.0-r2, 2.3.0-r0 |
| Alpine:v3.10 | openjpeg | 2.1.1-r0, 2.3.1-r4, 2.3.1-r3 |
| Alpine:v3.17 | openjpeg | 0, 2.3.1-r5, 2.3.1-r4 |
| Alpine:v3.16 | openjpeg | 0, 2.3.1-r5, 2.3.1-r4 |
| Alpine:v3.20 | openjpeg | 2.3.1-r5, 1.3-r0, 1.5.0-r1 |
Timeline
- Jan 26, 2021 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch