jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-2277-1 | openjpeg2 security update |
![]() |
DSA-4882-1 | openjpeg2 security update |
![]() |
EUVD-2020-7384 | jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. |
![]() |
USN-4497-1 | OpenJPEG vulnerabilities |
![]() |
USN-4685-1 | OpenJPEG vulnerabilities |
![]() |
USN-5952-1 | OpenJPEG vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T13:15:20.562Z
Reserved: 2020-06-29T00:00:00
Link: CVE-2020-15389

No data.

Status : Modified
Published: 2020-06-29T21:15:14.150
Modified: 2024-11-21T05:05:28.070
Link: CVE-2020-15389


No data.