Back to search
CVE-2020-15389
Published: Jun 29, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/uclouvain/openjpeg/issues/1261
x_refsource_MISC
[debian-lts-announce] 20200710 [SECURITY] [DLA 2277-1] openjpeg2 security update
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
https://pastebin.com/4sDKQ7U8
x_refsource_MISC
GLSA-202101-29
vendor-advisory
x_refsource_GENTOO
DSA-4882
vendor-advisory
x_refsource_DEBIAN
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now