CVE-2018-7648
Published: 2 March 2018
An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, so providing a prefix with 50 or more characters on the command line could overflow a buffer.
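The class of bug described above, shown as an added example that is not OpenJPEG's code or its upstream patch: a bounded way to build an output file name from a command-line prefix. The 50-byte buffer, the `<prefix>_<frame>.j2k` naming scheme and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed for illustration: fixed-size name buffer and naming scheme. */
#define OUT_NAME_MAX 50

/* Unchecked pattern of the kind the description refers to (do not use):
 *     char name[OUT_NAME_MAX];
 *     sprintf(name, "%s_%05u.j2k", prefix, frame);
 * sprintf does not know the size of `name`, so a long prefix writes past it.
 */

/* Hardened form: returns 0 and fills `out` on success; returns -1 and
 * leaves `out` empty if the formatted name would not fit. */
int build_frame_name(char *out, size_t outsz, const char *prefix, unsigned frame)
{
    int n;

    if (out == NULL || outsz == 0 || prefix == NULL)
        return -1;
    n = snprintf(out, outsz, "%s_%05u.j2k", prefix, frame);
    if (n < 0 || (size_t)n >= outsz) {   /* error or truncation */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed input: a prefix made of `len` 'A' characters. */
int try_prefix_len(size_t len)
{
    char prefix[128];
    char name[OUT_NAME_MAX];

    if (len >= sizeof(prefix))
        return -1;
    memset(prefix, 'A', len);
    prefix[len] = '\0';
    return build_frame_name(name, sizeof(name), prefix, 1);
}

int main(void)
{
    printf("39-char prefix: %d\n", try_prefix_len(39));
    printf("50-char prefix: %d\n", try_prefix_len(50));
    return 0;
}
```

Rejecting the over-long name, rather than silently truncating it, keeps two different prefixes from mapping to the same output file.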
Notes
Author | Note |
---|---|
sbeattie | -DBUILD_MJ2:BOOL=OFF is set in Ubuntu and Debian packaging, so code affected is not built. |
ccdm94 | -DBUILD_MJ2 is set to ON in openjpeg; however, the vulnerable code is not present in this package, since the file received as an argument is not processed in the same way as it is in openjpeg2; it is simply used as is. |
Priority
Status
Package | Release | Status |
---|---|---|
openjpeg Launchpad, Ubuntu, Debian | artful | Does not exist |
 | trusty | Not vulnerable (code not present) |
 | upstream | Released (2.3.1) |
 | xenial | Not vulnerable (code not present) |
Patches: upstream: https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d | | |
openjpeg2 Launchpad, Ubuntu, Debian | artful | Not vulnerable (code not built) |
 | trusty | Does not exist |
 | upstream | Not vulnerable (code not built) |
 | xenial | Not vulnerable (code not built) |
Patches: upstream: https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d | | |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |