CVE-2020-15389

Published: 29/06/2020 Updated: 06/10/2022
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 4.2 | Exploitability Score: 2.2
VMScore: 516
Vector (CVSS v2): AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Summary

jp2/opj_decompress.c in OpenJPEG up to and including 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.

Vulnerable Product

uclouvain openjpeg

debian debian linux 9.0

debian debian linux 10.0

oracle outside in technology 8.5.4

oracle outside in technology 8.5.5

Vendor Advisories

Debian Bug report logs - #965220 openjpeg2: CVE-2020-15389. Package: src:openjpeg2; Maintainer for src:openjpeg2 is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 17 Jul 2020 20:00:02 UTC; Severity: important; Tags: security, ...

Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, which could result in denial of service or the execution of arbitrary code when opening a malformed image. For the stable distribution (buster), these problems have been fixed in version 2.3.0-2+deb10u2. We recommend that you upgrade your openjpeg2 packages ...

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash) (CVE-2018-20845). An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in Ope ...

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice ...