CVE-2015-8871

Опубликовано: 21 сент. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

Ссылки

http://www.debian.org/security/2016/dsa-3665
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/09/15/4
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/05/13/1
Mailing List
Third Party Advisory
http://www.securitytracker.com/id/1038623
https://bugzilla.redhat.com/show_bug.cgi?id=1263359
Issue Tracking
https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f
Issue Tracking
Patch
https://github.com/uclouvain/openjpeg/issues/563
Issue Tracking
Patch
https://security.gentoo.org/glsa/201612-26
http://www.debian.org/security/2016/dsa-3665
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/09/15/4
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/05/13/1
Mailing List
Third Party Advisory
http://www.securitytracker.com/id/1038623
https://bugzilla.redhat.com/show_bug.cgi?id=1263359
Issue Tracking
https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f
Issue Tracking
Patch
https://github.com/uclouvain/openjpeg/issues/563
Issue Tracking
Patch
https://security.gentoo.org/glsa/201612-26

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*

Версия до 2.1.0 (включая)

EPSS

Процентиль: 84%

0.0223

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2015-8871

CVSS3: 9.8

ubuntu

больше 9 лет назад

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

CVE-2015-8871

redhat

больше 10 лет назад

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

CVE-2015-8871

CVSS3: 9.8

debian

больше 9 лет назад

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k. ...

GHSA-34fc-57pc-g3m4

CVSS3: 9.8

github

больше 3 лет назад

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

openSUSE-SU-2017:2186-1

suse-cvrf

больше 8 лет назад

Security update for openjpeg2

EPSS

Процентиль: 84%

0.0223

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416