Bug #9796

openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616)

Added by Alicha CH 5 months ago. Updated 5 months ago.

Status: Closed
Priority: Normal
Category: Security
Target version: -
Start date: 12/27/2018
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions:
Security IDs: CVE-2018-14423, CVE-2018-6616

Description

CVE-2018-14423: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c
in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-14423
https://github.com/uclouvain/openjpeg/issues/1123

Patch:

https://github.com/uclouvain/openjpeg/commit/bd88611ed9ad7144ec4f3de54790cd848175891b

CVE-2018-6616: In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote
attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-6616
https://github.com/uclouvain/openjpeg/issues/1059

Patch:

https://github.com/hlef/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3


Subtasks

Bug #9797: [3.9] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616) | Closed | Francesco Colista

Bug #9798: [3.8] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616) | Closed | Francesco Colista

Bug #9799: [3.7] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616) | Closed | Francesco Colista

Bug #9800: [3.6] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616) | Closed | Francesco Colista

History

#1 Updated by Francesco Colista 5 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Setup scripts
  • Status changed from New to Resolved

#2 Updated by Francesco Colista 5 months ago

  • Category changed from Setup scripts to Security

#3 Updated by Alicha CH 5 months ago

  • Status changed from Resolved to Closed
