CVE-2019-6988 (NVD)

2019-01-28

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

Products Openjpeg
Type Uncontrolled Resource Consumption (CWE-400)
First patch - None (likely due to unavailable code)
Links https://github.com/uclouvain/openjpeg/issues/1178
http://www.securityfocus.com/bid/106785