CVE-2020-8112

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenJPEG versions 2.3.1 through 2020-01-28

Description The issue is related to a heap-based buffer overflow in the opj t1 clbl decode processor function of the OpenJPEG library, specifically in the openjp2/t1.c file when qmfbid==1. This can be exploited by a remote attacker to cause a denial of service or impact the confidentiality, integrity, and availability of protected information.

Recommendations For OpenJPEG versions 2.3.1 through 2020-01-28, consider disabling the opj t1 clbl decode processor function as a temporary workaround until a patch is available. Restrict access to the openjp2/t1.c module to minimize the risk of exploitation. Avoid using the qmfbid variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2020-3564

AZL-44577

BDU:2020-02869

BDU:2020-03622

CESA-2020_0550

CESA-2020_0570

CVE-2020-8112

DLA-2089-1

DLA-2277-1

DSA-4882-1

MGASA-2020-0074

OESA-2021-1234

OPENSUSE-SU-2022_1252-1

OPENSUSE-SU-2022_1296-1

OPENSUSE-SU-2024:11120-1

RHSA-2020:0550

RHSA-2020:0569

RHSA-2020:0570

RHSA-2020_0550

RHSA-2020_0570

SUSE-SU-2022:1129-1

SUSE-SU-2022:1252-1

SUSE-SU-2022:1296-1

USN-4497-1

USN-4686-1

USN-5952-1

Affected Products

Alt Linux

Astra Linux

Centos

Openjpeg

Red Hat

Suse

Ubuntu

CVE-2020-8112

Weakness Enumeration

Related Identifiers

Affected Products

References · 107