FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenJPEG -- integer overflow

Affected packages
openjpeg < 2.3.0_4

Details

VuXML ID 5efd7a93-2dfb-11e9-9549-e980e869c2e9
Discovery 2017-12-08
Entry 2019-02-11
Modified 2019-03-29

NVD reports:

In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

References

CVE Name CVE-2018-5727
URL https://github.com/uclouvain/openjpeg/issues/1053
URL https://nvd.nist.gov/vuln/detail/CVE-2018-5727