CVE-2020-15389: Use After Free
Published Jun 29, 2020
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
Affected Software
6 affected components · Fixes available
uclouvain openjpeg<=2.3.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Oracle Outside In Technology=8.5.4
Oracle Outside In Technology=8.5.5
debian/openjpeg2
2.4.0-3, 2.4.0-3+deb11u1, 2.5.0-2+deb12u1, 2.5.3-2
Remediation
Patch Available
Event History
Jun 29, 2020
CVE Published
via MITRE·08:30 PM
Data Sourced
via MITRE·08:30 PM
Description
Jul 1, 2020
Data Sourced
via Red Hat·01:49 PM
Description, Severity, Affected Software
Jan 11, 2024
Data Sourced
via Launchpad·11:42 PM
Description
Sep 16, 2024
Data Sourced
via Ubuntu·02:23 AM
Remedy, Description, Severity, Affected Software
Feb 3, 2025
Data Sourced
via Debian·03:57 AM
Description, Affected Software
Frequently Asked Questions
1. What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-15389.
2. What is the severity level of CVE-2020-15389?
The severity level of CVE-2020-15389 is medium with a score of 6.5.
3. What is the affected software for CVE-2020-15389?
The affected software is OpenJPEG through version 2.3.1.
4. What is the impact of CVE-2020-15389?
CVE-2020-15389 is a use-after-free with a potential double-free, which can allow an attacker to execute arbitrary code or cause a denial of service.
5. Are there any fixes available for CVE-2020-15389?
Yes, fixes are available for CVE-2020-15389. Please refer to the vendor's website or update your software to the latest version.