Lucene search

[email protected]CVE-2020-6851

HistoryJan 13, 2020 - 6:15 a.m.

CVE-2020-6851

2020-01-1306:15:10

CWE-787

[email protected]

web.nvd.nist.gov

327

openjpeg

2.3.1

heap-based buffer overflow

cve-2020-6851

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

Affected configurations

NVD

Node

uclouvainopenjpegRange≤2.3.1

Node

fedoraprojectfedoraMatch30

fedoraprojectfedoraMatch31

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch7.7

redhatenterprise_linux_eusMatch8.1

redhatenterprise_linux_eusMatch8.2

redhatenterprise_linux_eusMatch8.4

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_ausMatch8.4

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_server_tusMatch8.2

redhatenterprise_linux_server_tusMatch8.4

redhatenterprise_linux_workstationMatch7.0

Node

oraclegeorasterMatch18c

oracleoutside_in_technologyMatch8.5.4

oracleoutside_in_technologyMatch8.5.5

CPENameOperatorVersion
uclouvain:openjpeguclouvain openjpegle2.3.1

CPE	Name	Operator	Version
uclouvain:openjpeg	uclouvain openjpeg	le	2.3.1

References

access.redhat.com/errata/RHSA-2020:0262

access.redhat.com/errata/RHSA-2020:0274

access.redhat.com/errata/RHSA-2020:0296

github.com/uclouvain/openjpeg/issues/1228

lists.debian.org/debian-lts-announce/2020/01/msg00025.html

lists.debian.org/debian-lts-announce/2020/07/msg00008.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBRMI2D3XPVWKE3V52KRBW7BJVLS5LD3/

www.debian.org/security/2021/dsa-4882

www.oracle.com/security-alerts/cpujul2020.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON

Related for CVE-2020-6851

oraclelinux2 osv8 nessus26 alpinelinux2 nvd2 openvas18 centos1 fedora4 ubuntucve2 redhat3 veracode1 cvelist2 debian4 redhatcve1 prion2 mageia2 debiancve2 cve1 ubuntu3 cloudfoundry1 archlinux1 suse1 oracle1