Veracode Vulnerability DatabaseVERACODE:18514Denial Of Service (DoS)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
OpenJPEG is vulnerable to denial of service attacks. A remote unauthenticated attacker could exploit the vulnerable PDFium component to cause denial of service conditions via crafted JPEG 2000 data. Affected function is opj_tcd_init_tile in the file tcd.c.
References
lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html
lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html
lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html
lists.opensuse.org/opensuse-updates/2016-09/msg00073.html
rhn.redhat.com/errata/RHSA-2016-1854.html
rhn.redhat.com/errata/RHSA-2017-0559.html
rhn.redhat.com/errata/RHSA-2017-0838.html
www.debian.org/security/2016/dsa-3660
www.securityfocus.com/bid/92717
www.securitytracker.com/id/1036729
access.redhat.com/errata/RHSA-2017:0559
access.redhat.com/security/updates/classification/#moderate
crbug.com/628890
googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
pdfium.googlesource.com/pdfium.git/+/ff74356915d4c7f7c6eb16de1e9f403da4ecb6d5
security.gentoo.org/glsa/201610-09
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P