Openjpeg: denail of service via crafted image file
CVE-2023-39328

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 9 July 2024

Summary

A security flaw has been identified in the OpenJPEG library that allows attackers to circumvent existing security measures and induce application crashes. This vulnerability arises when applications process specially crafted files, potentially resulting in a denial of service. Developers and administrators are urged to review their implementations of OpenJPEG and apply necessary security patches to safeguard against these threats.

References

https://access.redhat.com/security/cve/CVE-2023-39328

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2219236

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024

Collectors

NVD DatabaseMitre Database