CVE-2019-12973

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.

Published: Jun 26, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-12973
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-834

Affected Software
References

Software	From	Fixed in
uclouvain / openjpeg	2.3.1	2.3.1.x
opensuse / leap	15.0	15.0.x
opensuse / leap	15.1	15.1.x
debian / debian_linux	9.0	9.0.x
oracle / database_server	18c	18c.x
oracle / outside_in_technology	8.5.4	8.5.4.x
oracle / outside_in_technology	8.5.5	8.5.5.x

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
http://www.securityfocus.com/bid/108900
https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503
https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html
https://security.gentoo.org/glsa/202101-29
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2020.html

Vulnerability Database

289,689

CVE-2019-12973