CVE-2020-6851

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://access.redhat.com/errata/RHSA-2020:0262	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0274	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0296	Third Party Advisory
https://github.com/uclouvain/openjpeg/issues/1228	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBRMI2D3XPVWKE3V52KRBW7BJVLS5LD3/
https://www.debian.org/security/2021/dsa-4882	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:30:::::::*
	cpe:2.3:o:fedoraproject:fedora:31:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:georaster:18c:::::::*
	cpe:2.3:a:oracle:outside_in_technology:8.5.4:::::::*
	cpe:2.3:a:oracle:outside_in_technology:8.5.5:::::::*

History

07 Nov 2023, 03:25

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBRMI2D3XPVWKE3V52KRBW7BJVLS5LD3/', 'name': 'FEDORA-2020-ab8553f302', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V/', 'name': 'FEDORA-2020-6c8804daaa', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBRMI2D3XPVWKE3V52KRBW7BJVLS5LD3/ -

29 Apr 2022, 13:24

Type	Values Removed	Values Added
CPE		cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::* cpe:2.3:o:fedoraproject:fedora:30:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:a:oracle:outside_in_technology:8.5.5:::::::* cpe:2.3:o:fedoraproject:fedora:31:::::::* cpe:2.3:a:oracle:outside_in_technology:8.5.4:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::* cpe:2.3:a:oracle:georaster:18c:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2020:0262 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2020:0262 - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2020:0296 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2020:0296 - Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html - Mailing List, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpujul2020.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Patch, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBRMI2D3XPVWKE3V52KRBW7BJVLS5LD3/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBRMI2D3XPVWKE3V52KRBW7BJVLS5LD3/ - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V/ - Mailing List, Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html - Mailing List, Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2020:0274 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2020:0274 - Third Party Advisory
References	~~(DEBIAN) https://www.debian.org/security/2021/dsa-4882 -~~	(DEBIAN) https://www.debian.org/security/2021/dsa-4882 - Third Party Advisory
First Time		Debian debian Linux Redhat enterprise Linux Desktop Oracle outside In Technology Oracle Redhat enterprise Linux Server Redhat enterprise Linux Eus Redhat enterprise Linux Server Tus Redhat enterprise Linux Server Aus Fedoraproject fedora Oracle georaster Debian Redhat enterprise Linux Workstation Redhat enterprise Linux Redhat Fedoraproject

02 Apr 2021, 12:15

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2021/dsa-4882 -
CPE	cpe:2.3:a:openjpeg:openjpeg::::::::	cpe:2.3:a:uclouvain:openjpeg::::::::

Information

Published : 2020-01-13 06:15

Updated : 2023-12-10 13:13

NVD link : CVE-2020-6851

Mitre link : CVE-2020-6851

CVE.ORG link : CVE-2020-6851

JSON object : View

Products Affected

debian

debian_linux

fedoraproject

fedora

redhat

enterprise_linux
enterprise_linux_server_aus
enterprise_linux_eus
enterprise_linux_server_tus
enterprise_linux_server
enterprise_linux_workstation
enterprise_linux_desktop

oracle

georaster
outside_in_technology

uclouvain

openjpeg

CWE

CWE-787

Out-of-bounds Write

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-6851

7.5^/10

5.0^/10

Attach tags to `CVE-2020-6851`