CVE-2019-12973

Priority
Description
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks
function of openjp2/t1.c. Remote attackers could leverage this
vulnerability to cause a denial of service via a crafted bmp file. This
issue is similar to CVE-2018-6616.
Ubuntu-Description
It was discovered that OpenJPEG incorrectly handled certain BMP files. A
remote attacker could possibly use this issue to cause a denial of service.
Notes
ebarrettoMarking emscripten ignored as openjpeg2 code is only for test/example.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored
Ubuntu 18.04 LTS (Bionic Beaver):ignored
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Source: gdcm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (uses system openjpeg)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system openjpeg)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system openjpeg)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system openjpeg)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system openjpeg)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
More Information

Updated: 2020-09-15 14:29:01 UTC (commit e27349b551c7b23746ea98fa0446db8359dc7c41)