The vulnerability of the opj_t1_encode_cblks function in the OpenJPEG image encoding and decoding library, related to a bug that leads to an infinite loop, allows attackers to cause service interruptions.

🗓️ 25 Apr 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

OpenJPEG opj_t1_encode_cblks bug causes infinite loop enabling service disruption via BMP.

Reporter	Title	Published	Views	Family All 83
FreeBSD	OpenJPEG -- multiple vulnerabilities	8 Dec 201700:00	–	freebsd
Amazon	Medium: openjpeg2	20 Jan 202200:00	–	amazon
AlpineLinux	CVE-2018-6616	4 Feb 201822:00	–	alpinelinux
Cloud Foundry	USN-4109-1: OpenJPEG vulnerabilities \| Cloud Foundry	29 Aug 201900:00	–	cloudfoundry
CNVD	OpenJPEG 'opj_t1_encode_cblks' function too many iterations vulnerability	5 Feb 201800:00	–	cnvd
CVE	CVE-2018-6616	4 Feb 201822:00	–	cve
Cvelist	CVE-2018-6616	4 Feb 201822:00	–	cvelist
Debian	[SECURITY] [DLA 1614-1] openjpeg2 security update	22 Dec 201813:57	–	debian
Debian	[SECURITY] [DLA 2277-1] openjpeg2 security update	10 Jul 202020:01	–	debian
Debian	[SECURITY] [DSA 4405-1] openjpeg2 security update	10 Mar 201914:35	–	debian

Vulners

Node

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-6616
security-tracker	www.security-tracker.debian.org/tracker/CVE-2018-6616
github	www.github.com/uclouvain/openjpeg/issues/1059
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.5/
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
web	www.web.nvd.nist.gov/view/vuln/detail

30 Sep 2024 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 24.3

CVSS 35.5

EPSS0.00286

OpenJPEG library opj_t1_encode_cblks infinite loop service disruption crafted bitmap