CVE-2019-12973: Medium severity openjpeg vulnerability

Published Jun 26, 2019

Updated

In OpenJPEG 2.3.1, there is excessive iteration in the opjt1encodecblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.

Reference: https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3 https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503

Affected Software

8 affected componentsFixes available

uclouvain openjpeg=2.3.1

openSUSE Leap=15.0

openSUSE Leap=15.1

Debian Debian Linux=9.0

Oracle Database Server=18c

Oracle Outside In Technology=8.5.4

Oracle Outside In Technology=8.5.5

debian/openjpeg2

2.4.0-32.4.0-3+deb11u12.5.0-2+deb12u12.5.3-2

Remediation

Patch Available

https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3

Event History

Jun 26, 2019

CVE Published

via MITRE·05:07 PM

Data Sourced

via MITRE·05:07 PM

Description

Jul 23, 2019

Data Sourced

via Red Hat·06:05 AM

DescriptionSeverityAffected Software

Jan 11, 2024

Data Sourced

via Launchpad·11:16 PM

Description

Sep 16, 2024

Data Sourced

via Ubuntu·02:10 AM

RemedyDescriptionSeverityAffected Software

Jan 30, 2025

Data Sourced

via Debian·02:48 AM

DescriptionAffected Software

CVE-2019-12973: Medium severity openjpeg vulnerability

Affected Software

Remediation

Patch Available

Event History

Don't miss critical vulnerabilities

Company

Resources

Contact