CVE-2019-12973

EUVD-2019-4548
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
uclouvainopenjpeg
2.3.1
opensuseleap
15.0
opensuseleap
15.1
debiandebian_linux
9.0
oracleoutside_in_technology
8.5.4
oracleoutside_in_technology
8.5.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openjpeg2
bookworm
2.5.0-2
fixed
bullseye
2.4.0-3
fixed
buster
ignored
jessie
not-affected
sid
2.5.0-2
fixed
trixie
2.5.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
blender
bionic
needs-triage
cosmic
ignored
disco
ignored
eoan
ignored
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
needs-triage
emscripten
bionic
ignored
cosmic
ignored
disco
ignored
eoan
ignored
focal
dne
groovy
dne
hirsute
ignored
impish
ignored
jammy
ignored
kinetic
ignored
lunar
ignored
mantic
ignored
noble
ignored
trusty
dne
xenial
ignored
gdcm
bionic
not-affected
cosmic
ignored
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
not-affected
xenial
not-affected
ghostscript
bionic
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
not-affected
insighttoolkit4
bionic
needs-triage
cosmic
ignored
disco
ignored
eoan
ignored
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
dne
noble
dne
trusty
dne
xenial
needs-triage
openjpeg
bionic
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
not-affected
xenial
not-affected
openjpeg2
bionic
Fixed 2.3.0-2+deb10u2ubuntu0.1~esm1
released
cosmic
ignored
disco
ignored
eoan
ignored
focal
Fixed 2.3.1-1ubuntu4
released
groovy
Fixed 2.3.1-1ubuntu4
released
hirsute
Fixed 2.3.1-1ubuntu4
released
impish
Fixed 2.3.1-1ubuntu4
released
jammy
Fixed 2.3.1-1ubuntu4
released
kinetic
Fixed 2.3.1-1ubuntu4
released
lunar
Fixed 2.3.1-1ubuntu4
released
mantic
Fixed 2.3.1-1ubuntu4
released
noble
Fixed 2.3.1-1ubuntu4
released
trusty
dne
xenial
Fixed 2.1.2-1.1+deb9u5build0.16.04.1
released
qtwebengine-opensource-src
bionic
needs-triage
cosmic
ignored
disco
ignored
eoan
ignored
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
dne
texmaker
bionic
needs-triage
cosmic
ignored
disco
ignored
eoan
ignored
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
needs-triage
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
http://www.securityfocus.com/bid/108900
https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503
https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html
https://security.gentoo.org/glsa/202101-29
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
http://www.securityfocus.com/bid/108900
https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503
https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html
https://security.gentoo.org/glsa/202101-29
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2020.html