CVE-2018-16375: Buffer Overflow
Published Sep 3, 2018
An issue was discovered in OpenJPEG 2.3.0. Missing checks for headerinfo.height and headerinfo.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
Affected Software
2 affected components
uclouvain openjpeg=2.3.0
debian/openjpeg2<=2.4.0-3, <=2.4.0-3+deb11u1, <=2.5.0-2+deb12u1, <=2.5.3-2
Remediation
Patch Available
Event History
Sep 3, 2018
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Jan 11, 2024
Data Sourced
via Launchpad·10:53 PM
Description
Sep 16, 2024
Data Sourced
via Ubuntu·01:19 AM
Remedy, Description, Severity, Affected Software
Feb 3, 2025
Data Sourced
via Debian·03:02 AM
Description, Affected Software
Frequently Asked Questions
1. What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2018-16375.
2. What is the severity level of CVE-2018-16375?
The severity level of CVE-2018-16375 is high.
3. What is the affected software?
The affected software is OpenJPEG version 2.3.0-2+.
4. What is the remedy for this vulnerability?
The remedy for this vulnerability is to update OpenJPEG to version 2.3.1 or higher.
5. Where can I find more information about CVE-2018-16375?
More information about CVE-2018-16375 can be found at the following references: [CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16375), [GitHub issue](https://github.com/uclouvain/openjpeg/issues/1126), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-16375).