CVE-2018-16375
Published: 3 September 2018
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
From the Ubuntu Security Team
It was discovered that OpenJPEG incorrectly handled certain PNM files. A remote attacker could possibly use this issue to cause a denial of service.
Notes
Author | Note |
---|---|
mdeslaur | Ubuntu packages are built with -DBUILD_JPWL:BOOL=OFF, so the vulnerable code isn't compiled |
ccdm94 | The openjpeg package does not include the file patched by commit 619e1b086ea. Before the refactoring, there was a single convert.c file which, according to the code, seems to be affected by this vulnerability; however, it seems like the vulnerability in this case is related to CVE-2016-9118 instead, which has a very similar patch. |
Priority
Status
Package | Release | Status |
---|---|---|
openjpeg | artful | Does not exist |
openjpeg | bionic | Does not exist |
openjpeg | cosmic | Does not exist |
openjpeg | disco | Does not exist |
openjpeg | eoan | Does not exist |
openjpeg | focal | Does not exist |
openjpeg | trusty | Not vulnerable (code not present) |
openjpeg | upstream | Released (2.3.1) |
openjpeg | xenial | Not vulnerable (code not present) |
openjpeg2 | bionic | Released (2.3.0-2+deb10u2ubuntu0.1~esm1), available with Ubuntu Pro |
openjpeg2 | cosmic | Ignored (end of life) |
openjpeg2 | disco | Ignored (end of life) |
openjpeg2 | eoan | Ignored (end of life) |
openjpeg2 | focal | Not vulnerable (2.3.1-1) |
openjpeg2 | trusty | Does not exist |
openjpeg2 | upstream | Released (2.3.1) |
openjpeg2 | xenial | Not vulnerable (code not compiled) |

Patches (openjpeg): upstream: https://github.com/uclouvain/openjpeg/commit/619e1b086eaa21ebd9b23eb67deee543b07bf06f
Patches (openjpeg2): upstream: https://github.com/uclouvain/openjpeg/commit/619e1b086eaa21ebd9b23eb67deee543b07bf06f
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |