CVE-2020-15389 - log back

CVE-2020-15389 edited at 29 Dec 2020 11:17:35
Description
- jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
+ jp2/opj_decompress.c in OpenJPEG before version 2.4.0 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
CVE-2020-15389 edited at 10 Dec 2020 13:46:15
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
CVE-2020-15389 edited at 10 Dec 2020 13:45:32
Description
+ jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
References
+ https://github.com/uclouvain/openjpeg/issues/1261
+ https://github.com/uclouvain/openjpeg/pull/1262
+ https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0
CVE-2020-15389 created at 10 Dec 2020 13:44:08
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes