Vulnerability Details : CVE-2015-8871
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
Vulnerability category: Memory Corruption
Products affected by CVE-2015-8871
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8871
- EPSS score: 2.73% (probability of exploitation activity in the next 30 days)
- Percentile: ~85% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-8871
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2015-8871
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8871
- http://www.debian.org/security/2016/dsa-3665
  Debian -- Security Information -- DSA-3665-1 openjpeg2 (Third Party Advisory)
- https://github.com/uclouvain/openjpeg/issues/563
  Use-after-free in opj_j2k_write_mco · Issue #563 · uclouvain/openjpeg · GitHub (Issue Tracking; Patch)
- https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md
  openjpeg/CHANGELOG.md at master · uclouvain/openjpeg · GitHub (Release Notes; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2015/09/15/4
  oss-security - CVE Request : Use-after-free in openjpeg (Mailing List; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2016/05/13/1
  oss-security - Re: CVE Request : Use-after-free in openjpeg (Mailing List; Third Party Advisory)
- https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f
  Fix potential use-after-free in opj_j2k_write_mco function · uclouvain/openjpeg@940100c · GitHub (Issue Tracking; Patch)
- http://www.securitytracker.com/id/1038623
  Google Android Multiple Flaws Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code and Let Local Apps Gain Elevated Privileges - SecurityTracker
- https://bugzilla.redhat.com/show_bug.cgi?id=1263359
  1263359 – openjpeg: Use-after-free vulnerability in opj_j2k_write_mco (Issue Tracking)
- https://security.gentoo.org/glsa/201612-26
  OpenJPEG: Multiple vulnerabilities (GLSA 201612-26) — Gentoo security