OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2020:0262 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2020:0274 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2020:0296 | Third Party Advisory |
https://github.com/uclouvain/openjpeg/issues/1228 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBRMI2D3XPVWKE3V52KRBW7BJVLS5LD3/ | |
https://www.debian.org/security/2021/dsa-4882 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2020.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:25
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Apr 2022, 13:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:georaster:18c:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* |
|
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0262 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0296 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBRMI2D3XPVWKE3V52KRBW7BJVLS5LD3/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0274 - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4882 - Third Party Advisory | |
First Time |
Debian debian Linux
Redhat enterprise Linux Desktop Oracle outside In Technology Oracle Redhat enterprise Linux Server Redhat enterprise Linux Eus Redhat enterprise Linux Server Tus Redhat enterprise Linux Server Aus Fedoraproject fedora Oracle georaster Debian Redhat enterprise Linux Workstation Redhat enterprise Linux Redhat Fedoraproject |
02 Apr 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CPE | cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:* |
Information
Published : 2020-01-13 06:15
Updated : 2023-12-10 13:13
NVD link : CVE-2020-6851
Mitre link : CVE-2020-6851
CVE.ORG link : CVE-2020-6851
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
redhat
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_eus
- enterprise_linux_server_tus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
oracle
- georaster
- outside_in_technology
uclouvain
- openjpeg
CWE
CWE-787
Out-of-bounds Write