OpenJPEG CVE-2018-16376 Remote Heap Based Buffer Overflow Vulnerability
BID:105262
| Bugtraq ID: | 105262 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2018-16376 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 02 2018 12:00AM |
| Updated: | Sep 02 2018 12:00AM |
| Credit: | Young-X |
| Vulnerable: | OpenJPEG OpenJPEG 2.3 |
| Not Vulnerable: | |
Discussion
OpenJPEG is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.
OpenJPEG version 2.3.0 is vulnerable; other versions may also be affected.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].