CVE-2020-6851 (High) detected in openjpeg5875a6b44618fb7dfd5cd6d742533eaee2014060

[mend-bolt-for-github[bot]]

CVE-2020-6851 - High Severity Vulnerability

Vulnerable Library - openjpeg5875a6b44618fb7dfd5cd6d742533eaee2014060

Official repository of the OpenJPEG project

Library home page: https://github.com/uclouvain/openjpeg.git

Found in HEAD commit: 706b09e38f53ed9d9d022c131ae6564061484cfd

Found in base branch: master

Vulnerable Source Files (1)

Vulnerability Details

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

Publish Date: 2020-01-13

URL: CVE-2020-6851

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-6851

Release Date: 2020-01-13

Fix Resolution: openjpeg2 - 2.3.0-9,2.3.1-2,2.3.1-2,2.3.1-2,2.3.0-9,2.3.1-2,2.3.1-2,2.3.1-2,2.3.1-2,2.3.0-9,2.3.1-2,2.3.1-2,2.3.1-2,2.3.1-2,2.3.0-9,2.3.1-2;openjpeg2-devel - 2.3.1-2,2.3.1-2,2.3.1-2,2.3.1-2,2.3.1-2;openjpeg2-tools-debuginfo - 2.3.0-9,2.3.1-2,2.3.1-2,2.3.0-9;openjpeg2-debugsource - 2.3.1-2,2.3.0-9,2.3.1-2,2.3.0-9;openjpeg2-tools - 2.3.1-2,2.3.1-2,2.3.1-2,2.3.1-2,2.3.0-9,2.3.1-2,2.3.1-2,2.3.1-2,2.3.1-2,2.3.1-2,2.3.0-9;openjpeg2-debuginfo - 2.3.1-2,2.3.0-9,2.3.1-2,2.3.1-2,2.3.0-9,2.3.1-2,2.3.1-2,2.3.1-2;openjpeg2-devel-docs - 2.3.1-2,2.3.1-2,2.3.0-9

---

Step up your Open Source Security Game with Mend here