Your submission was sent successfully! Close

CVE-2019-12973

Published: 26 June 2019

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.

From the Ubuntu security team

It was discovered that OpenJPEG incorrectly handled certain BMP files. A remote attacker could possibly use this issue to cause a denial of service.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
blender
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
emscripten
Launchpad, Ubuntu, Debian
bionic Ignored

cosmic Ignored

disco Ignored

eoan Ignored

focal Does not exist

groovy Does not exist

hirsute Ignored

impish Ignored

jammy Ignored

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored

gdcm
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses system openjpeg)
cosmic Ignored
(reached end-of-life)
disco Not vulnerable
(uses system openjpeg)
eoan Not vulnerable
(uses system openjpeg)
focal Not vulnerable
(uses system openjpeg)
groovy Not vulnerable
(uses system openjpeg)
hirsute Not vulnerable
(uses system openjpeg)
impish Not vulnerable
(uses system openjpeg)
jammy Not vulnerable
(uses system openjpeg)
precise Does not exist

trusty Not vulnerable
(uses system openjpeg)
upstream Needs triage

xenial Not vulnerable
(uses system openjpeg)
ghostscript
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not compiled)
focal Not vulnerable
(uses system openjpeg2)
groovy Not vulnerable
(uses system openjpeg2)
hirsute Not vulnerable
(uses system openjpeg2)
impish Not vulnerable
(uses system openjpeg2)
jammy Not vulnerable
(uses system openjpeg2)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code not compiled)
insighttoolkit4
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
openjpeg
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Does not exist

trusty Needs triage

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
openjpeg2
Launchpad, Ubuntu, Debian
bionic Needed

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal
Released (2.3.1-1ubuntu4)
groovy
Released (2.3.1-1ubuntu4)
hirsute
Released (2.3.1-1ubuntu4)
impish
Released (2.3.1-1ubuntu4)
jammy
Released (2.3.1-1ubuntu4)
precise Does not exist

trusty Does not exist

upstream
Released (2.3.1)
xenial
Released (2.1.2-1.1+deb9u5build0.16.04.1)
qtwebengine-opensource-src
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

texmaker
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)