PT-2018-18182 · Openjpeg+1 · Openjpeg+1

Setharnold

Published

2018-03-02

Updated

2021-01-26

CVE-2018-7648

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenJPEG version 2.3.0

Description An issue was discovered in the mj2/opj mj2 extract.c file. The output prefix was not checked for length, which could cause a buffer overflow when a prefix with 50 or more characters is provided on the command line.

Recommendations For OpenJPEG version 2.3.0, consider restricting the length of the output prefix to prevent buffer overflow until a patch is available.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2019-1582

CVE-2018-7648

OPENSUSE-SU-2024:11120-1

Affected Products

Alt Linux

Openjpeg

PT-2018-18182 · Openjpeg+1 · Openjpeg+1

CVE-2018-7648

Weakness Enumeration

Related Identifiers

Affected Products

References · 38