NULL Pointer Dereference in OpenJPEG 2.3.0 Affects Image Conversion Function
CVE-2018-18088

6.5MEDIUM

Key Information:

Vendor

Uclouvain

Status
Openjpeg
Vendor
CVE Published:
9 October 2018

What is CVE-2018-18088?

OpenJPEG 2.3.0 contains a vulnerability in its imagetopnm function located in jp2/convert.c, which can lead to a NULL pointer dereference specifically when handling the 'red' component. This flaw can be exploited in various scenarios, potentially enabling an attacker to disrupt normal operations or cause system instability during image processing tasks.

References

https://github.com/uclouvain/openjpeg/issues/1152
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2018/11/msg0...
mailing-listx_refsource_MLIST
https://www.debian.org/security/2019/dsa-4405
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.