CVE-2020-6851 log

Source
Severity Medium
Remote No
Type Arbitrary code execution
Description
OpenJPEG before version 2.4.0 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
Group Package Affected Fixed Severity Status Ticket
AVG-1339 openjpeg2 2.3.1-2 2.4.0-1 Medium Fixed
Date Advisory Group Package Severity Type
09 Dec 2020 ASA-202012-21 AVG-1339 openjpeg2 Medium multiple issues
References
https://github.com/uclouvain/openjpeg/issues/1228
https://github.com/uclouvain/openjpeg/pull/1229
https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04