CVE-2019-12973
openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
En OpenJPEG versión 2.3.1, hay una iteración excesiva en la función opj_t1_encode_cblks de openjp2/t1.c. Los atacantes remotos podrían aprovechar esta vulnerabilidad para causar una denegación de servicio a través de un archivo bmp modificado. Este problema es similar a CVE-2018-6616.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-06-26 CVE Reserved
- 2019-06-26 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-834: Excessive Iteration
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/108900 | Third Party Advisory | |
| https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503 | Broken Link | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html | Mailing List |
|
| https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3 | 2022-10-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Uclouvain Search vendor "Uclouvain" | Openjpeg Search vendor "Uclouvain" for product "Openjpeg" | 2.3.1 Search vendor "Uclouvain" for product "Openjpeg" and version "2.3.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 18c Search vendor "Oracle" for product "Database Server" and version "18c" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Outside In Technology Search vendor "Oracle" for product "Outside In Technology" | 8.5.4 Search vendor "Oracle" for product "Outside In Technology" and version "8.5.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Outside In Technology Search vendor "Oracle" for product "Outside In Technology" | 8.5.5 Search vendor "Oracle" for product "Outside In Technology" and version "8.5.5" | - |
Affected
| ||||||