Denial-of-Service Vulnerability in OpenJPEG Libraries by UCLouvain
CVE-2018-14423

7.5 HIGH

Key Information:

Vendor: Uclouvain

Status
Vendor
CVE Published: 19 July 2018

What is CVE-2018-14423?

OpenJPEG versions through 2.3.0 contain division-by-zero flaws in several functions, including pi_next_pcrl, pi_next_cprl, and pi_next_rpcl. Remote attackers can exploit these flaws to crash the application, causing a denial of service. Applications that rely on OpenJPEG for image processing should update to a fixed version.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
