Lucene search

K

Veracode Vulnerability DatabaseVERACODE:35543

HistoryMay 15, 2022 - 5:03 p.m.

Denial Of Service (DoS)

2022-05-1517:03:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

19.2%

openjpeg is vulnerable to denial of service. The vulnerability exists in free()function due to not handling an input directory with a large number of files leading to a memory corruption causing an application crash.

CPENameOperatorVersion
openjpeg:edgeeq2.4.0-r3
openjpeg:edgeeq2.4.0-r0
openjpeg:edgeeq2.4.0-r4
openjpeg:edgeeq2.4.0-r1
openjpeg:edgeeq2.3.1-r4
openjpeg:edgeeq2.4.0-r2
openjpeg:3.16eq2.4.0-r4
openjpegeq1.3__16.el6_8
openjpegeq1.5.1__18.el7
openjpegeq1.3__9.el6_3

Rows per page:

1-10 of 601

References

access.redhat.com/errata/RHSA-2022:7645

access.redhat.com/errata/RHSA-2022:8207

access.redhat.com/security/cve/CVE-2022-1122

bugzilla.redhat.com/show_bug.cgi?id=2067052

github.com/uclouvain/openjpeg/issues/1368

lists.debian.org/debian-lts-announce/2022/04/msg00006.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4/

lists.fedoraproject.org/archives/list/[email protected]/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7/

lists.fedoraproject.org/archives/list/[email protected]/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV/

lists.fedoraproject.org/archives/list/[email protected]/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4/

secdb.alpinelinux.org/edge/main.yaml

security.gentoo.org/glsa/202209-04

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

19.2%

Related for VERACODE:35543

nessus30 openvas20 oraclelinux2 debiancve1 osv6 cve1 rocky2 mageia1 almalinux2 amazon1 ubuntucve1 redhatcve1 fedora5 prion1 alpinelinux1 redhat4 gentoo1 debian1 ibm2 suse1 oracle2