5.5

CVE-2019-12973

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UclouvainOpenjpeg Version2.3.1
OpensuseLeap Version15.0
OpensuseLeap Version15.1
DebianDebian Linux Version9.0
OracleDatabase Server Version18c
OracleOutside In Technology Version8.5.4
OracleOutside In Technology Version8.5.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.6% 0.833
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-834 Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/108900
Third Party Advisory
VDB Entry
https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
Patch
Third Party Advisory
https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503
Broken Link
https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202101-29
Third Party Advisory