Vulnerability Details CVE-2018-6616
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.4%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://github.com/uclouvain/openjpeg/issues/1059
- https://lists.debian.org/debian-lts-announce/2018/12/msg00013.html
- https://usn.ubuntu.com/4109-1/
- https://www.debian.org/security/2019/dsa-4405
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://github.com/uclouvain/openjpeg/issues/1059
- https://lists.debian.org/debian-lts-announce/2018/12/msg00013.html
- https://usn.ubuntu.com/4109-1/
- https://www.debian.org/security/2019/dsa-4405
- https://www.oracle.com/security-alerts/cpujul2020.html
Products affected by CVE-2018-6616
-
cpe:2.3:a:oracle:georaster:18c
-
cpe:2.3:a:uclouvain:openjpeg:2.3.0
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0