Lucene search

[email protected]CVE-2019-12973

HistoryJun 26, 2019 - 6:15 p.m.

CVE-2019-12973

2019-06-2618:15:00

CWE-834

[email protected]

web.nvd.nist.gov

254

openjpeg

vulnerability

denial of service

cve-2019-12973

nvd

openjpeg 2.3.1

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

69.7%

JSON

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.

CPENameOperatorVersion
uclouvain:openjpeguclouvain openjpegeq2.3.1
opensuse:leapopensuse leapeq15.0
opensuse:leapopensuse leapeq15.1
debian:debian_linuxdebian debian linuxeq9.0
oracle:database_serveroracle database servereq18c
oracle:outside_in_technologyoracle outside in technologyeq8.5.4
oracle:outside_in_technologyoracle outside in technologyeq8.5.5

CPE	Name	Operator	Version
uclouvain:openjpeg	uclouvain openjpeg	eq	2.3.1
opensuse:leap	opensuse leap	eq	15.0
opensuse:leap	opensuse leap	eq	15.1
debian:debian_linux	debian debian linux	eq	9.0
oracle:database_server	oracle database server	eq	18c
oracle:outside_in_technology	oracle outside in technology	eq	8.5.4
oracle:outside_in_technology	oracle outside in technology	eq	8.5.5