In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
References
Link | Resource |
---|---|
https://github.com/uclouvain/openjpeg/issues/1059 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/12/msg00013.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2019/dsa-4405 | Third Party Advisory |
https://usn.ubuntu.com/4109-1/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2018-02-04 14:29
Updated : 2021-02-03 08:12
NVD link : CVE-2018-6616
Mitre link : CVE-2018-6616
JSON object : View
CWE
CWE-400
Uncontrolled Resource Consumption
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
oracle
- georaster
uclouvain
- openjpeg