CVE-2020-27814: Heap-based Buffer Overflow

January 26, 2021 (updated July 20, 2021)

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

References

bugzilla.redhat.com/show_bug.cgi?id=1901998
github.com/uclouvain/openjpeg/issues/1283
nvd.nist.gov/vuln/detail/CVE-2020-27814

Detect and mitigate CVE-2020-27814 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →