Main Vulnerability Database SB2018022224

SB2018022224 - Denial of service in OpenJPEG

Published: February 22, 2018

Security Bulletin ID SB2018022224

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Partial DoS

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Buffer overflow (CVE-ID: CVE-2018-7648)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the mj2/opj_mj2_extract.c source code file due to insufficient length checks of output prefixes. A local attacker can send a specially crafted prefix, which contains 50 or more characters via the command line, trigger buffer overflow condition and cause the service to crash.

Remediation

Install update from vendor's website.

References

https://github.com/uclouvain/openjpeg/issues/1088