PT-2018-2956 · Openjpeg+7 · Openjpeg+7

Probefuzzer

Publicado

2018-01-13

Atualizado

2022-04-19

CVE-2018-5727

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenJPEG version 2.3.0

Description The issue is related to an integer overflow in the opj t1 encode cblks function, located in openjp2/t1.c. This can be exploited by remote attackers to cause a denial of service using a crafted bmp file.

Recommendations For OpenJPEG version 2.3.0, consider applying a patch or fix that addresses the integer overflow in the opj t1 encode cblks function to prevent denial of service attacks. As a temporary workaround, consider restricting the processing of crafted bmp files until a patch is available.

Exploit

Correção

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALSA-2021:4251

ALT-PU-2019-1582

BDU:2019-02734

CESA-2021_4251

CVE-2018-5727

OPENSUSE-SU-2022_1252-1

OPENSUSE-SU-2024:11120-1

RHSA-2021:4251

RHSA-2021_4251

RLSA-2021:4251

SUSE-SU-2022:1252-1

USN-4686-1

USN-4782-1

Produtos afetados

Alt Linux

Almalinux

Centos

Openjpeg

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2018-2956 · Openjpeg+7 · Openjpeg+7

CVE-2018-5727

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 89