Published: 28/01/2019 Updated: 24/08/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 385

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An issue exists in OpenJPEG 2.3.0. It allows remote malicious users to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

Vulnerable Product	Search on Vulmon	Subscribe to Product
uclouvain openjpeg 2.3.0

Debian Bug report logs - #922648 CVE-2019-6988 Package: src:openjpeg2; Maintainer for src:openjpeg2 is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 18 Feb 2019 22:03:02 UTC Severity: important Tags: fixed-upstream, security, ...

An issue was discovered in OpenJPEG 230 It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_mallocc, when called from opj_tcd_init_tile in openjp2/tcdc, as demonstrated by the 64-bit opj_decompress ...

An issue has been discovered in OpenJPEG <= 230 It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_mallocc, when called from opj_tcd_init_tile in openjp2/tcdc, as demonstrated by the 64-bit opj_decompress ...

CWE-770 https://github.com/uclouvain/openjpeg/issues/1178 http://www.securityfocus.com/bid/106785 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922648 https://nvd.nist.gov https://security.archlinux.org/CVE-2019-6988

CVE-2019-6988

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect