CVE-2020-8112Out-of-bounds Write in Openjpeg

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow19 documents10 sources
Severity
8.8HIGHNVD
CNA7.5OSV7.5OSV6.5
EPSS
1.8%
top 17.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
THE Openjpeg Project Openjpeg2Debian LinuxUclouvain Openjpeg
Timeline
PublishedJan 28
Latest updateMar 15

Description

opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

Debianthe_openjpeg_project/openjpeg2< 2.4.0-1+3
Ubuntuthe_openjpeg_project/openjpeg2< 2.1.2-1.1+deb9u5build0.16.04.1+2

Also affects: Debian Linux 8.0

🔴Vulnerability Details

5
OSV
openjpeg2 vulnerabilities2023-03-15
GHSA
GHSA-g38x-2w55-fmr9: opj_t1_clbl_decode_processor in openjp2/t12022-05-24
OSV
OpenJPEG vulnerabilities2020-09-15
OSV
CVE-2020-8112: opj_t1_clbl_decode_processor in openjp2/t12020-01-28
CVEList
CVE-2020-8112: opj_t1_clbl_decode_processor in openjp2/t12020-01-28

📋Vendor Advisories

7
Ubuntu
OpenJPEG vulnerabilities2023-03-15
Ubuntu
Ghostscript vulnerabilities2021-01-07
Ubuntu
OpenJPEG vulnerabilities2020-09-15
Oracle
Oracle Oracle Database Server Risk Matrix: GeoRaster (OpenJPG) — CVE-2020-81122020-07-15
Red Hat
openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c2020-02-07

💬Community

6
Bugzilla
CVE-2020-8112 openjpeg2: openjpeg: heap based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c [fedora-all]2020-02-07
Bugzilla
CVE-2020-8112 openjpeg2: openjpeg: heap based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c [epel-all]2020-02-07
Bugzilla
CVE-2020-8112 mingw-openjpeg: openjpeg: heap based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c [fedora-31]2020-02-07
Bugzilla
CVE-2020-8112 openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c2020-02-07
Bugzilla
CVE-2020-8112 openjpeg2: openjpeg: heap based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c [openstack-rdo]2020-02-07
CVE-2020-8112 — Out-of-bounds Write in Openjpeg | cvebase