CVE-2020-15389 vulnerability in Oracle and Other Products
Published on June 29, 2020

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.

Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2020-15389

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-15389 are published in these products:

Oracle Outside In Technology

Uclouvain Openjpeg

Debian Linux

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.27%

Percentile

50.03%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-15389 vulnerability in Oracle and Other ProductsPublished on June 29, 2020

Products Associated with CVE-2020-15389

Exploit Probability

CVE-2020-15389 vulnerability in Oracle and Other Products
Published on June 29, 2020