Note:
This project will be discontinued after December 13, 2021. [more]
2018-01-19
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
Products | Ubuntu_linux, Debian_linux, Openjpeg |
Type | Integer Overflow or Wraparound (CWE-190) |
First patch | - None (likely due to unavailable code) |
Links |
• https://github.com/uclouvain/openjpeg/issues/1057
• https://www.debian.org/security/2019/dsa-4405 • https://usn.ubuntu.com/4109-1/ |