CVE-2020-15389

Published: 29 June 2020

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.

From the Ubuntu Security Team

It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or possibly execute arbitrary code.

Notes

Author: mdeslaur
Note: per upstream bug, this is a read after free, so likely limited to a denial of service.

Priority

Low

CVSS 3 Severity Score

6.5

Status

Package      Release   Status
openjpeg     hirsute   Does not exist
openjpeg     bionic    Does not exist
openjpeg     eoan      Does not exist
openjpeg     focal     Does not exist
openjpeg     groovy    Does not exist
openjpeg     upstream  Needs triage
openjpeg     trusty    Not vulnerable (code not present)
openjpeg     impish    Does not exist
openjpeg     jammy     Does not exist
openjpeg     kinetic   Does not exist
openjpeg     lunar     Does not exist
openjpeg     xenial    Not vulnerable (code not present)

ghostscript  focal     Not vulnerable (uses system openjpeg2)
ghostscript  groovy    Not vulnerable (uses system openjpeg2)
ghostscript  hirsute   Not vulnerable (uses system openjpeg2)
ghostscript  trusty    Does not exist
ghostscript  upstream  Needs triage
ghostscript  bionic    Not vulnerable (code not compiled)
ghostscript  xenial    Not vulnerable (code not compiled)
ghostscript  kinetic   Not vulnerable (uses system openjpeg2)
ghostscript  impish    Not vulnerable (uses system openjpeg2)
ghostscript  jammy     Not vulnerable (uses system openjpeg2)
ghostscript  lunar     Not vulnerable (uses system openjpeg2)

openjpeg2    focal     Released (2.3.1-1ubuntu4.20.04.1)
openjpeg2    groovy    Released (2.3.1-1ubuntu4.20.10.1)
openjpeg2    bionic    Released (2.3.0-2+deb10u2build0.18.04.1)
openjpeg2    hirsute   Released (2.3.1-1ubuntu5)
openjpeg2    impish    Released (2.3.1-1ubuntu5)
openjpeg2    jammy     Released (2.3.1-1ubuntu5)
openjpeg2    kinetic   Released (2.3.1-1ubuntu5)
openjpeg2    lunar     Released (2.3.1-1ubuntu5)
openjpeg2    trusty    Does not exist
openjpeg2    upstream  Released (2.4.0)
openjpeg2    xenial    Released (2.1.2-1.1+deb9u5build0.16.04.1)

Patches:
upstream: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H