Mageia: 2020-0307 Moderate: OpenJPEG Use-After-Free Security Issue

mageia

July 31, 2020

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompresso...

Summary

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice (CVE-2020-15389).

References

- https://bugs.mageia.org/show_bug.cgi?id=26953

- https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html

- https://www.cve.org/CVERecord?id=CVE-2020-15389

Topics Covered

security advisory security issue software update double-free use-after-free openjpeg Mageia

Resolution

SRPMS

- 7/core/openjpeg2-2.3.1-1.4.mga7

Publication date: 31 Jul 2020

URL: https://advisories.mageia.org/MGASA-2020-0307.html

Type: security

CVE: CVE-2020-15389

Topics Covered

security advisory security issue software update double-free use-after-free openjpeg Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia: 2020-0307 Moderate: OpenJPEG Use-After-Free Security Issue

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia: 2020-0307 Moderate: OpenJPEG Use-After-Free Security Issue

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!