CVE-2020-15389
Published: 29 June 2020
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
From the Ubuntu Security Team
It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or possibly execute arbitrary code.
Notes
| Author | Note |
|---|---|
| mdeslaur | per upstream bug, this is a read after free, so likely limited to a denial of service. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ghostscript Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not compiled)
|
| focal |
Not vulnerable
(uses system openjpeg2)
|
|
| groovy |
Not vulnerable
(uses system openjpeg2)
|
|
| hirsute |
Not vulnerable
(uses system openjpeg2)
|
|
| impish |
Not vulnerable
(uses system openjpeg2)
|
|
| jammy |
Not vulnerable
(uses system openjpeg2)
|
|
| kinetic |
Not vulnerable
(uses system openjpeg2)
|
|
| lunar |
Not vulnerable
(uses system openjpeg2)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not compiled)
|
|
|
openjpeg Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
openjpeg2 Launchpad, Ubuntu, Debian |
bionic |
Released
(2.3.0-2+deb10u2build0.18.04.1)
|
| focal |
Released
(2.3.1-1ubuntu4.20.04.1)
|
|
| groovy |
Released
(2.3.1-1ubuntu4.20.10.1)
|
|
| hirsute |
Released
(2.3.1-1ubuntu5)
|
|
| impish |
Released
(2.3.1-1ubuntu5)
|
|
| jammy |
Released
(2.3.1-1ubuntu5)
|
|
| kinetic |
Released
(2.3.1-1ubuntu5)
|
|
| lunar |
Released
(2.3.1-1ubuntu5)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.4.0)
|
|
| xenial |
Released
(2.1.2-1.1+deb9u5build0.16.04.1)
|
|
|
Patches: upstream: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H |