cbcvebase.
CVE-2020-6851
published 2020-01-13

CVE-2020-6851: OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

Affected

35 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianopenjpeg2< openjpeg2 2.4.0-1 (bookworm)openjpeg2 2.4.0-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
msrcazl3_openjpeg2_2.3.1-12_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
oraclegeoraster
oracleoutside_in_technology
oracleoutside_in_technology
redhatenterprise_linux
redhatenterprise_linux_desktop
redhatenterprise_linux_eus
redhatenterprise_linux_eus
redhatenterprise_linux_eus
redhatenterprise_linux_eus
redhatenterprise_linux_server
redhatenterprise_linux_server_aus
redhatenterprise_linux_server_aus
redhatenterprise_linux_server_aus
redhatenterprise_linux_server_tus
redhatenterprise_linux_server_tus
redhatenterprise_linux_server_tus

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.5HIGH