CVE-2020-6851

Severity: High
EPSS: 91.1%
Published: Jan 13, 2020 · Modified: Jun 17, 2026
CVSS 3.1 base score: 7.5 (High)

Description

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of a lack of opj_j2k_update_image_dimensions validation.

CVSS Details

Base Score: 7.5
Exploitability: 3.9
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 91.1% percentile
Exploit & Patch Status: Public Exploit Known, Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write (Memory Safety)

Affected Products 23

Vendor          Product                          Version   Range
uclouvain       openjpeg                         *         ≤ 2.3.1
fedoraproject   fedora                           30        any
fedoraproject   fedora                           31        any
debian          debian_linux                     8.0       any
debian          debian_linux                     9.0       any
debian          debian_linux                     10.0      any
redhat          enterprise_linux                 8.0       any
redhat          enterprise_linux_desktop         7.0       any
redhat          enterprise_linux_eus             7.7       any
redhat          enterprise_linux_eus             8.1       any
redhat          enterprise_linux_eus             8.2       any
redhat          enterprise_linux_eus             8.4       any
redhat          enterprise_linux_server          7.0       any
redhat          enterprise_linux_server_aus      7.7       any
redhat          enterprise_linux_server_aus      8.2       any
redhat          enterprise_linux_server_aus      8.4       any
redhat          enterprise_linux_server_tus      7.7       any
redhat          enterprise_linux_server_tus      8.2       any
redhat          enterprise_linux_server_tus      8.4       any
redhat          enterprise_linux_workstation     7.0       any
oracle          georaster                        18c       any
oracle          outside_in_technology            8.5.4     any
oracle          outside_in_technology            8.5.5     any

References 10

  • access.redhat.com https://access.redhat.com/errata/RHSA-2020:0262
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2020:0274
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2020:0296
    Third Party Advisory
  • github.com https://github.com/uclouvain/openjpeg/issues/1228
    Exploit, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBRMI2D3XPVWKE3V52KRBW7BJVLS5LD3/
  • debian.org https://www.debian.org/security/2021/dsa-4882
    Third Party Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpujul2020.html
    Patch, Third Party Advisory

Remediation

  • oracle.com https://www.oracle.com/security-alerts/cpujul2020.html
    Patch, Third Party Advisory