Published: 21/09/2016 Updated: 09/09/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG prior to 2.1.1 allows remote malicious users to have unspecified impact via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 8.0
uclouvain openjpeg

Debian Bug report logs - #800149 openjpeg2: CVE-2015-8871: Use-after-free in opj_j2k_write_mco Package: src:openjpeg2; Maintainer for src:openjpeg2 is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 27 Sep 2015 11:57:02 UTC ...

GUEB Static analyzer detecting Use-After-Free on binary Presentation GUEB is a static analyzer performing use-after-free detection on binary The tool is still under development, any commentary / help are welcome In summary, GUEB performs a value analysis on binary code, which tracks pointers and the states of the heap objects When GUEB detects the use of a freed pointer, it

CWE-416 http://www.openwall.com/lists/oss-security/2015/09/15/4 https://bugzilla.redhat.com/show_bug.cgi?id=1263359 https://github.com/uclouvain/openjpeg/issues/563 http://www.debian.org/security/2016/dsa-3665 https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f http://www.openwall.com/lists/oss-security/2016/05/13/1 https://security.gentoo.org/glsa/201612-26 http://www.securitytracker.com/id/1038623 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800149 https://nvd.nist.gov

CVE-2015-8871

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect