CVE-2020-8112 — Out-of-bounds Write in Openjpeg

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow19 documents10 sources

Severity

8.8HIGHNVD

CNA7.5OSV7.5OSV6.5

EPSS

1.8%

top 17.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Openjpeg Project Openjpeg2 Debian Linux Uclouvain Openjpeg

Timeline

PublishedJan 28

Latest updateMar 15

Description

opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶Debianthe_openjpeg_project/openjpeg2< 2.4.0-1+3

▶Ubuntuthe_openjpeg_project/openjpeg2< 2.1.2-1.1+deb9u5build0.16.04.1+2

▶NVDuclouvain/openjpeg2.3.1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

OSV

openjpeg2 vulnerabilities↗2023-03-15

▶

GHSA

GHSA-g38x-2w55-fmr9: opj_t1_clbl_decode_processor in openjp2/t1↗2022-05-24

▶

OSV

OpenJPEG vulnerabilities↗2020-09-15

▶

OSV

CVE-2020-8112: opj_t1_clbl_decode_processor in openjp2/t1↗2020-01-28

▶

CVEList

CVE-2020-8112: opj_t1_clbl_decode_processor in openjp2/t1↗2020-01-28

▶

📋Vendor Advisories

Ubuntu

OpenJPEG vulnerabilities↗2023-03-15

▶

Ubuntu

Ghostscript vulnerabilities↗2021-01-07

▶

Ubuntu

OpenJPEG vulnerabilities↗2020-09-15

▶

Oracle

Oracle Oracle Database Server Risk Matrix: GeoRaster (OpenJPG) — CVE-2020-8112↗2020-07-15

▶

Red Hat

openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c↗2020-02-07

▶

💬Community

Bugzilla

CVE-2020-8112 openjpeg2: openjpeg: heap based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c [fedora-all]↗2020-02-07

▶

Bugzilla

CVE-2020-8112 openjpeg2: openjpeg: heap based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c [epel-all]↗2020-02-07

▶

Bugzilla

CVE-2020-8112 mingw-openjpeg: openjpeg: heap based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c [fedora-31]↗2020-02-07

▶

Bugzilla

CVE-2020-8112 openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c↗2020-02-07

▶

Bugzilla

CVE-2020-8112 openjpeg2: openjpeg: heap based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c [openstack-rdo]↗2020-02-07

▶