How severe is CVE-2020-6112?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-6112?

This is classified as CWE-823, which is a common weakness in software security.

CVE-2020-6112 - HIGH Severity | CVSS 8.8

Vulnerability Description

An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which allow for the decoder to write out of-bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability.

Related Vulnerabilities

CVE-2022-0554

HIGH

CVSS:8.4(High)

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.

CWE-8232022

CVE-2022-0614

HIGH

CVSS:8.4(High)

Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.

CWE-8232022

CVE-2022-0685

HIGH

CVSS:8.4(High)

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.

CWE-8232022

CVE-2025-0467

HIGH

CVSS:8.2(High)

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.

CWE-8232025

CVE-2020-27009

HIGH

CVSS:8.1(High)

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5....

CWE-8232020

CVE-2021-34595

HIGH

CVSS:8.1(High)

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-serv...

CWE-8232021