[3.7] openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)
In OpenJPEG 2.3.0, there is an integer overflow caused by an
out-of-bounds left shift in the opj_j2k_setup_encoder function
(openjp2/j2k.c). Remote attackers could leverage this vulnerability to
cause a denial of service via a crafted bmp file.
References:
https://github.com/uclouvain/openjpeg/issues/1057
https://nvd.nist.gov/vuln/detail/CVE-2018-5785
Patch:
https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975
(from redmine: issue id 10096, created on 2019-03-12, closed on 2019-03-19)
- Relations:
- parent #10092 (closed)
- Changesets:
- Revision ff269836 by Francesco Colista on 2019-03-14T17:22:38Z:
main/openjpeg: security fixes
- CVE-2018-5785
this commit fixes #10096