OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
2020-01-13T06:15:10.957
2024-11-21T05:36:17.597
Modified
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | uclouvain | openjpeg | ≤ 2.3.1 | Yes |
| Operating System | fedoraproject | fedora | 30 | Yes |
| Operating System | fedoraproject | fedora | 31 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.1 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.2 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 8.2 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 8.2 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |
| Application | oracle | georaster | 18c | Yes |
| Application | oracle | outside_in_technology | 8.5.4 | Yes |
| Application | oracle | outside_in_technology | 8.5.5 | Yes |