CVE-2019-12973
openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
En OpenJPEG versión 2.3.1, hay una iteración excesiva en la función opj_t1_encode_cblks de openjp2/t1.c. Los atacantes remotos podrían aprovechar esta vulnerabilidad para causar una denegación de servicio a través de un archivo bmp modificado. Este problema es similar a CVE-2018-6616.
It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-06-26 CVE Reserved
- 2019-06-26 CVE Published
- 2024-08-04 CVE Updated
- 2025-06-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-834: Excessive Iteration
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/108900 | Third Party Advisory | |
| https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503 | Broken Link | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html | Mailing List |
|
| https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3 | 2022-10-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Uclouvain Search vendor "Uclouvain" | Openjpeg Search vendor "Uclouvain" for product "Openjpeg" | 2.3.1 Search vendor "Uclouvain" for product "Openjpeg" and version "2.3.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 18c Search vendor "Oracle" for product "Database Server" and version "18c" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Outside In Technology Search vendor "Oracle" for product "Outside In Technology" | 8.5.4 Search vendor "Oracle" for product "Outside In Technology" and version "8.5.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Outside In Technology Search vendor "Oracle" for product "Outside In Technology" | 8.5.5 Search vendor "Oracle" for product "Outside In Technology" and version "8.5.5" | - |
Affected
| ||||||