1. CVE-Search
  2. CVE-2020-8112
ID CVE-2020-8112
Summary opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
References
Vulnerable Configurations
  • cpe:2.3:a:uclouvain:openjpeg:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:uclouvain:openjpeg:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 02-04-2021 - 12:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1800535
    title CVE-2020-8112 openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment openjpeg2 is earlier than 0:2.3.1-3.el7_7
            oval oval:com.redhat.rhsa:tst:20200550001
          • comment openjpeg2 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200262002
        • AND
          • comment openjpeg2-devel is earlier than 0:2.3.1-3.el7_7
            oval oval:com.redhat.rhsa:tst:20200550003
          • comment openjpeg2-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200262004
        • AND
          • comment openjpeg2-devel-docs is earlier than 0:2.3.1-3.el7_7
            oval oval:com.redhat.rhsa:tst:20200550005
          • comment openjpeg2-devel-docs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200262006
        • AND
          • comment openjpeg2-tools is earlier than 0:2.3.1-3.el7_7
            oval oval:com.redhat.rhsa:tst:20200550007
          • comment openjpeg2-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200262008
    rhsa
    id RHSA-2020:0550
    released 2020-02-19
    severity Important
    title RHSA-2020:0550: openjpeg2 security update (Important)
  • bugzilla
    id 1800535
    title CVE-2020-8112 openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment openjpeg2 is earlier than 0:2.3.1-3.el8_1
            oval oval:com.redhat.rhsa:tst:20200570001
          • comment openjpeg2 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200262002
        • AND
          • comment openjpeg2-debugsource is earlier than 0:2.3.1-3.el8_1
            oval oval:com.redhat.rhsa:tst:20200570003
          • comment openjpeg2-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200274004
        • AND
          • comment openjpeg2-devel is earlier than 0:2.3.1-3.el8_1
            oval oval:com.redhat.rhsa:tst:20200570005
          • comment openjpeg2-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200262004
        • AND
          • comment openjpeg2-devel-docs is earlier than 0:2.3.1-3.el8_1
            oval oval:com.redhat.rhsa:tst:20200570007
          • comment openjpeg2-devel-docs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200262006
        • AND
          • comment openjpeg2-tools is earlier than 0:2.3.1-3.el8_1
            oval oval:com.redhat.rhsa:tst:20200570009
          • comment openjpeg2-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200262008
    rhsa
    id RHSA-2020:0570
    released 2020-02-24
    severity Important
    title RHSA-2020:0570: openjpeg2 security update (Important)
  • rhsa
    id RHSA-2020:0569
  • rhsa
    id RHSA-2020:0694
rpms
  • openjpeg2-0:2.3.1-3.el7_7
  • openjpeg2-debuginfo-0:2.3.1-3.el7_7
  • openjpeg2-devel-0:2.3.1-3.el7_7
  • openjpeg2-devel-docs-0:2.3.1-3.el7_7
  • openjpeg2-tools-0:2.3.1-3.el7_7
  • openjpeg2-0:2.3.0-10.el8_0
  • openjpeg2-debuginfo-0:2.3.0-10.el8_0
  • openjpeg2-debugsource-0:2.3.0-10.el8_0
  • openjpeg2-devel-docs-0:2.3.0-10.el8_0
  • openjpeg2-tools-0:2.3.0-10.el8_0
  • openjpeg2-tools-debuginfo-0:2.3.0-10.el8_0
  • openjpeg2-0:2.3.1-3.el8_1
  • openjpeg2-debuginfo-0:2.3.1-3.el8_1
  • openjpeg2-debugsource-0:2.3.1-3.el8_1
  • openjpeg2-devel-0:2.3.1-3.el8_1
  • openjpeg2-devel-docs-0:2.3.1-3.el8_1
  • openjpeg2-tools-0:2.3.1-3.el8_1
  • openjpeg2-tools-debuginfo-0:2.3.1-3.el8_1
refmap via4
fedora
  • FEDORA-2020-8193c0aa68
  • FEDORA-2020-ad63f760f4
misc
mlist
  • [debian-lts-announce] 20200130 [SECURITY] [DLA 2089-1] openjpeg2 security update
  • [debian-lts-announce] 20200710 [SECURITY] [DLA 2277-1] openjpeg2 security update
Last major update 02-04-2021 - 12:15
Published 28-01-2020 - 18:15
Last modified 02-04-2021 - 12:15
Back to Top