Vulnerability CVE-2018-16376: Information

Description

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-16376
Published: Sept. 3, 2018
Modified: Oct. 31, 2018
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libopenjpeg2.0sisyphus2.3.1-alt12.5.2-alt1ALT-PU-2019-1582-1226454Fixed
libopenjpeg2.0sisyphus_e2k2.5.0-alt12.5.2-alt1ALT-PU-2022-4997-1-Fixed
libopenjpeg2.0sisyphus_riscv642.5.0-alt12.5.2-alt1ALT-PU-2022-4954-1-Fixed
libopenjpeg2.0p102.5.0-alt12.5.0-alt1ALT-PU-2022-1892-1300002Fixed
libopenjpeg2.0p10_e2k2.5.0-alt12.5.0-alt1ALT-PU-2022-4992-1-Fixed
libopenjpeg2.0p92.3.1-alt12.3.1-alt1ALT-PU-2019-1582-1226454Fixed
libopenjpeg2.0c10f12.5.0-alt12.5.0-alt1ALT-PU-2022-1892-1300002Fixed
libopenjpeg2.0c9f22.3.1-alt12.3.1-alt1ALT-PU-2019-1582-1226454Fixed
libopenjpeg2.0p112.3.1-alt12.5.2-alt1ALT-PU-2019-1582-1226454Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/uclouvain/openjpeg/issues/1127
  • Vendor Advisory
105262
  • Third Party Advisory
  • VDB Entry

    1. Configuration 1

      cpe:2.3:a:uclouvain:openjpeg:2.3.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top