CVE-2018-16376 — Out-of-bounds Write in Openjpeg

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow11 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.6%

top 31.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uclouvain Openjpeg

Timeline

PublishedSep 3

Latest updateMay 14

Description

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDuclouvain/openjpeg2.3.0

🔴Vulnerability Details

GHSA

GHSA-9j6w-p36v-w54g: An issue was discovered in OpenJPEG 2↗2022-05-14

▶

OSV

CVE-2018-16376: An issue was discovered in OpenJPEG 2↗2018-09-03

▶

CVEList

CVE-2018-16376: An issue was discovered in OpenJPEG 2↗2018-09-03

▶

📋Vendor Advisories

Red Hat

openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c↗2018-09-03

▶

Debian

CVE-2018-16376: openjpeg2 - An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was disc...↗2018

▶

💬Community

Bugzilla

CVE-2018-16376 mingw-openjpeg2: openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c [fedora-all]↗2018-09-07

▶

Bugzilla

CVE-2018-16376 openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c [fedora-all]↗2018-09-07

▶

Bugzilla

CVE-2018-16376 openjpeg2: openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c [epel-all]↗2018-09-07

▶

Bugzilla

CVE-2018-16376 openjpeg2: openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c [fedora-all]↗2018-09-07

▶

Bugzilla

CVE-2018-16376 openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c↗2018-09-06

▶