Описание
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
A heap-based buffer overflow flaw was found in openjpeg in the opj_t1_clbl_decode_processor in libopenjp2.so. Affecting versions through 2.3.1, the highest threat from this vulnerability is to file confidentiality and integrity as well as system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | openjpeg | Not affected | ||
| Red Hat Enterprise Linux 7 | openjpeg | Not affected | ||
| Red Hat Enterprise Linux 7 | openjpeg2 | Fixed | RHSA-2020:0262 | 28.01.2020 |
| Red Hat Enterprise Linux 8 | openjpeg2 | Fixed | RHSA-2020:0274 | 29.01.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | openjpeg2 | Fixed | RHSA-2020:0296 | 30.01.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so.
EPSS
8.1 High
CVSS3