CVE-2020-15389
Published: 29 June 2020
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
From the Ubuntu Security Team
It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or possibly execute arbitrary code.
Notes
Author | Note |
---|---|
mdeslaur | per upstream bug, this is a read after free, so likely limited to a denial of service. |
Priority
Status
Package | Release | Status |
---|---|---|
openjpeg Launchpad, Ubuntu, Debian |
hirsute |
Does not exist
|
bionic |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
upstream |
Needs triage
|
|
trusty |
Not vulnerable
(code not present)
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
xenial |
Not vulnerable
(code not present)
|
|
ghostscript Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(uses system openjpeg2)
|
groovy |
Not vulnerable
(uses system openjpeg2)
|
|
hirsute |
Not vulnerable
(uses system openjpeg2)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
bionic |
Not vulnerable
(code not compiled)
|
|
xenial |
Not vulnerable
(code not compiled)
|
|
kinetic |
Not vulnerable
(uses system openjpeg2)
|
|
impish |
Not vulnerable
(uses system openjpeg2)
|
|
jammy |
Not vulnerable
(uses system openjpeg2)
|
|
lunar |
Not vulnerable
(uses system openjpeg2)
|
|
openjpeg2 Launchpad, Ubuntu, Debian |
focal |
Released
(2.3.1-1ubuntu4.20.04.1)
|
groovy |
Released
(2.3.1-1ubuntu4.20.10.1)
|
|
bionic |
Released
(2.3.0-2+deb10u2build0.18.04.1)
|
|
hirsute |
Released
(2.3.1-1ubuntu5)
|
|
impish |
Released
(2.3.1-1ubuntu5)
|
|
jammy |
Released
(2.3.1-1ubuntu5)
|
|
kinetic |
Released
(2.3.1-1ubuntu5)
|
|
lunar |
Released
(2.3.1-1ubuntu5)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.4.0)
|
|
xenial |
Released
(2.1.2-1.1+deb9u5build0.16.04.1)
|
|
Patches: upstream: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H |