CVE-2020-6851

Опубликовано: 13 янв. 2020

Источник: debian

Описание

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openjpeg2	fixed	2.4.0-1		package

Примечания

https://github.com/uclouvain/openjpeg/issues/1228
https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04 (v2.4.0)

Связанные уязвимости

CVE-2020-6851

CVSS3: 7.5

ubuntu

около 6 лет назад

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

CVE-2020-6851

CVSS3: 8.1

redhat

около 6 лет назад

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

CVE-2020-6851

CVSS3: 7.5

nvd

около 6 лет назад

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

GHSA-6gvh-974v-q8vj

CVSS3: 7.5

github

больше 3 лет назад

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so.

ELSA-2020-0274

oracle-oval

около 6 лет назад

ELSA-2020-0274: openjpeg2 security update (IMPORTANT)