CVE-2020-8112 (High) detected in openjpeg5875a6b44618fb7dfd5cd6d742533eaee2014060

[mend-bolt-for-github[bot]]

CVE-2020-8112 - High Severity Vulnerability

Vulnerable Library - openjpeg5875a6b44618fb7dfd5cd6d742533eaee2014060

Official repository of the OpenJPEG project

Library home page: https://github.com/uclouvain/openjpeg.git

Found in HEAD commit: 706b09e38f53ed9d9d022c131ae6564061484cfd

Found in base branch: master

Vulnerable Source Files (1)

/src/lib/openjp2/tcd.c

Vulnerability Details

opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.

Publish Date: 2020-01-28

URL: CVE-2020-8112

CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-8112

Release Date: 2020-01-28

Fix Resolution: openjpeg2-devel - 2.3.1-3,2.3.1-3,2.3.1-3,2.3.1-3,2.3.1-3;openjpeg2-tools-debuginfo - 2.3.1-3,2.3.0-10,2.3.0-10,2.3.1-3;openjpeg2-debugsource - 2.3.0-10,2.3.0-10,2.3.1-3,2.3.1-3;openjpeg2-tools - 2.3.0-10,2.3.1-3,2.3.1-3,2.3.1-3,2.3.0-10,2.3.1-3,2.3.1-3,2.3.1-3,2.3.1-3,2.3.1-3,2.3.1-3;openjpeg2-debuginfo - 2.3.0-10,2.3.1-3,2.3.1-3,2.3.1-3,2.3.1-3,2.3.1-3,2.3.0-10,2.3.1-3;openjpeg2-devel-docs - 2.3.0-10,2.3.1-3,2.3.1-3;openjpeg2 - 2.3.1-3,2.3.0-10,2.3.1-3,2.3.1-3,2.3.1-3,2.3.0-10,2.3.1-3,2.3.1-3,2.3.1-3,2.3.0-10,2.3.1-3,2.3.1-3,2.3.1-3,2.3.1-3,2.3.1-3,2.3.0-10

---

Step up your Open Source Security Game with Mend here