CVE-2018-6616 — Uncontrolled Resource Consumption in Openjpeg
Severity
5.5 MEDIUM (NVD)
EPSS
0.1%
top 76.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 4
Latest update: May 13
Description
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 3 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 18.04
Vulnerability Details: 4
Vendor Advisories: 4
Community: 4
Bugzilla: CVE-2019-12973 openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (2019-07-23)
Bugzilla: CVE-2018-6616 openjpeg2: Excessive iteration in openjp2/t1.c:opj_t1_encode_cblks can allow for denial of service via crafted BMP file [epel-all] (2018-02-06)
Bugzilla: CVE-2018-6616 openjpeg2: Excessive iteration in openjp2/t1.c:opj_t1_encode_cblks can allow for denial of service via crafted BMP file [fedora-all] (2018-02-06)
Bugzilla: CVE-2018-6616 openjpeg2: Excessive iteration in openjp2/t1.c:opj_t1_encode_cblks can allow for denial of service via crafted BMP file (2018-02-06)