CVE-2019-12973

Published: 26 June 2019

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.

From the Ubuntu Security Team

It was discovered that OpenJPEG incorrectly handled certain BMP files. A remote attacker could possibly use this issue to cause a denial of service.

Notes

Author	Note
ebarretto	Marking emscripten ignored as openjpeg2 code is only for test/example.
eslerm	openjpeg upstream suggests using patches for CVE-2018-6616

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
openjpeg2 Launchpad, Ubuntu, Debian	impish	Released (2.3.1-1ubuntu4)
	hirsute	Released (2.3.1-1ubuntu4)
	jammy	Released (2.3.1-1ubuntu4)
	upstream	Released (2.3.1)
	trusty	Does not exist
	xenial	Released (2.1.2-1.1+deb9u5build0.16.04.1)
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Released (2.3.1-1ubuntu4)
	groovy	Released (2.3.1-1ubuntu4)
	lunar	Released (2.3.1-1ubuntu4)
	bionic	Released (2.3.0-2+deb10u2ubuntu0.1~esm1) Available with Ubuntu Pro
	kinetic	Released (2.3.1-1ubuntu4)
	Patches: upstream: https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3 (2.3.1) upstream: https://github.com/uclouvain/openjpeg/commit/21399f6b7d318fcdf4406d5e88723c4922202aa3 upstream: https://github.com/uclouvain/openjpeg/commit/3aef207f90e937d4931daf6d411e092f76d82e66
gdcm Launchpad, Ubuntu, Debian	impish	Not vulnerable (uses system openjpeg)
	hirsute	Not vulnerable (uses system openjpeg)
	jammy	Not vulnerable (uses system openjpeg)
	lunar	Not vulnerable (uses system openjpeg)
	bionic	Not vulnerable (uses system openjpeg)
	cosmic	Ignored (end of life)
	disco	Not vulnerable (uses system openjpeg)
	eoan	Not vulnerable (uses system openjpeg)
	focal	Not vulnerable (uses system openjpeg)
	groovy	Not vulnerable (uses system openjpeg)
	kinetic	Not vulnerable (uses system openjpeg)
	trusty	Not vulnerable (uses system openjpeg)
	upstream	Needs triage
	xenial	Not vulnerable (uses system openjpeg)
emscripten Launchpad, Ubuntu, Debian	impish	Ignored
	hirsute	Ignored
	jammy	Ignored
	lunar	Ignored
	bionic	Ignored
	cosmic	Ignored
	disco	Ignored
	eoan	Ignored
	focal	Does not exist
	groovy	Does not exist
	kinetic	Ignored
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored
ghostscript Launchpad, Ubuntu, Debian	impish	Not vulnerable (uses system openjpeg2)
	upstream	Needs triage
	trusty	Does not exist
	focal	Not vulnerable (uses system openjpeg2)
	groovy	Not vulnerable (uses system openjpeg2)
	hirsute	Not vulnerable (uses system openjpeg2)
	bionic	Not vulnerable (code not compiled)
	xenial	Not vulnerable (code not compiled)
	jammy	Not vulnerable (uses system openjpeg2)
	lunar	Not vulnerable (uses system openjpeg2)
	kinetic	Not vulnerable (uses system openjpeg2)
openjpeg Launchpad, Ubuntu, Debian	impish	Does not exist
	upstream	Needs triage
	bionic	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	jammy	Does not exist
	trusty	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
	lunar	Does not exist
	kinetic	Does not exist
blender Launchpad, Ubuntu, Debian	impish	Ignored (end of life)
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	kinetic	Ignored (end of life, was needs-triage)
	jammy	Needs triage
	bionic	Needs triage
	lunar	Needs triage
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Needs triage
insighttoolkit4 Launchpad, Ubuntu, Debian	impish	Ignored (end of life)
	hirsute	Ignored (end of life)
	kinetic	Ignored (end of life, was needs-triage)
	xenial	Needs triage
	jammy	Needs triage
	lunar	Needs triage
	bionic	Needs triage
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	groovy	Ignored (end of life)
	trusty	Does not exist
	upstream	Needs triage
qtwebengine-opensource-src Launchpad, Ubuntu, Debian	kinetic	Ignored (end of life, was needs-triage)
	jammy	Needs triage
	impish	Ignored (end of life)
	lunar	Needs triage
	bionic	Needs triage
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
texmaker Launchpad, Ubuntu, Debian	kinetic	Ignored (end of life, was needs-triage)
	xenial	Needs triage
	jammy	Needs triage
	impish	Ignored (end of life)
	lunar	Needs triage
	bionic	Needs triage
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	trusty	Does not exist
	upstream	Needs triage

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›