In OpenJPEG 2.3.0, there is excessive iteration in the opjt1encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjp2-7" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjp2-7-dbg" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjp2-7-dbgsym" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjp2-7-dev" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjp2-7-dev-dbgsym" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjp2-tools" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjp2-tools-dbgsym" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjp3d-tools" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjp3d-tools-dbgsym" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjp3d7" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjp3d7-dbgsym" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjpip-dec-server" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjpip-dec-server-dbgsym" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjpip-server" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjpip-server-dbgsym" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjpip-viewer" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjpip7" }, { "binary_version": "2.1.2-1.1+deb9u3build0.16.04.1", "binary_name": "libopenjpip7-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjp2-7" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjp2-7-dbgsym" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjp2-7-dev" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjp2-tools" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjp2-tools-dbgsym" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjp3d-tools" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjp3d-tools-dbgsym" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjp3d7" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjp3d7-dbgsym" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjpip-dec-server" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjpip-dec-server-dbgsym" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjpip-server" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjpip-server-dbgsym" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjpip-viewer" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjpip7" }, { "binary_version": "2.3.0-2build0.18.04.1", "binary_name": "libopenjpip7-dbgsym" } ] }