CVE-2019-6988Allocation of Resources Without Limits or Throttling in Openjpeg

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-400Uncontrolled Resource Consumption9 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 44.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Uclouvain Openjpeg
Timeline
PublishedJan 28
Latest updateJul 3

Description

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-g9xc-m7jr-85x9: An issue was discovered in OpenJPEG 22022-05-13
CVEList
CVE-2019-6988: An issue was discovered in OpenJPEG 22019-01-28
OSV
CVE-2019-6988: An issue was discovered in OpenJPEG 22019-01-28

📋Vendor Advisories

3
Red Hat
openjpeg: denail of service via crafted image file2023-07-03
Red Hat
openjpeg: DoS via memory exhaustion in opj_decompress2019-01-17
Debian
CVE-2019-6988: openjpeg2 - An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a...2019

💬Community

2
Bugzilla
CVE-2019-6988 openjpeg: Out of bound write in function opj_calloc in openjp2/opj_malloc.c [fedora-all]2019-01-30
Bugzilla
CVE-2019-6988 openjpeg: DoS via memory exhaustion in opj_decompress2019-01-30
CVE-2019-6988 — Uclouvain Openjpeg vulnerability | cvebase