PT-2018-2956 · Openjpeg+7 · Openjpeg+7

Probefuzzer

Published

2018-01-13

Updated

2022-04-19

CVE-2018-5727

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenJPEG version 2.3.0

Description The issue is related to an integer overflow in the opj t1 encode cblks function, located in openjp2/t1.c. This can be exploited by remote attackers to cause a denial of service using a crafted bmp file.

Recommendations For OpenJPEG version 2.3.0, consider applying a patch or fix that addresses the integer overflow in the opj t1 encode cblks function to prevent denial of service attacks. As a temporary workaround, consider restricting the processing of crafted bmp files until a patch is available.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2021:4251

ALT-PU-2019-1582

BDU:2019-02734

CESA-2021_4251

CVE-2018-5727

OPENSUSE-SU-2022_1252-1

OPENSUSE-SU-2024:11120-1

RHSA-2021:4251

RHSA-2021_4251

RLSA-2021:4251

SUSE-SU-2022:1252-1

USN-4686-1

USN-4782-1

Affected Products

Alt Linux

Almalinux

Centos

Openjpeg

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2018-2956 · Openjpeg+7 · Openjpeg+7

CVE-2018-5727

Weakness Enumeration

Related Identifiers

Affected Products

References · 89