CVE-2018-5727Integer Overflow or Wraparound in Openjpeg

CWE-190Integer Overflow or Wraparound11 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.7%
top 27.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
THE Openjpeg Project Openjpeg2Uclouvain Openjpeg
Timeline
PublishedJan 16
Latest updateMay 13

Description

In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianthe_openjpeg_project/openjpeg2< 2.3.1-1+3

🔴Vulnerability Details

3
GHSA
GHSA-r7wc-c46x-5q6f: In OpenJPEG 22022-05-13
CVEList
CVE-2018-5727: In OpenJPEG 22018-01-16
OSV
CVE-2018-5727: In OpenJPEG 22018-01-16

📋Vendor Advisories

4
Ubuntu
OpenJPEG vulnerabilities2021-03-17
Ubuntu
Ghostscript vulnerabilities2021-01-07
Red Hat
openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c2018-01-13
Debian
CVE-2018-5727: openjpeg2 - In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_enco...2018

💬Community

3
Bugzilla
CVE-2018-5727 openjpeg: oepnjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c [epel-all]2018-01-19
Bugzilla
CVE-2018-5727 openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c2018-01-19
Bugzilla
CVE-2018-5727 openjpeg: oepnjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c [fedora-all]2018-01-19
CVE-2018-5727 — Integer Overflow or Wraparound | cvebase