Identifier

CVE-2020-15389

Package Slug

conan/openjpeg

Vulnerability

Use After Free

Description

jp2/opj_decompress.c in OpenJPEG through has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.

Affected Versions

All versions up to 2.3.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-07-24

source