CVE-2015-8871
Published: 21 September 2016
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
Priority
Medium
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
openjpeg Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(code not present)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(code not present)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(code not present)
|
|
|
openjpeg2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.1.1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(2.1.1-1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(2.1.2-1.1+deb9u2build0.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
Patches: Upstream: https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f |
||