CVE-2018-16375

SOURCE - nist

Summary

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

EPSS Score⁠: 0.00403 (0.736)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-787⁠

Out-of-bounds Write

SOURCE - redhat

CWE-122⁠

Heap-based Buffer Overflow

Sources (5)

Impacted images

debian

CREATED

6 years ago

UPDATED

8 months ago

SOURCE IDCVE-2018-16375⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/openjpeg2	deb	debian	12	>=2.5.0-2	Not yet available
debian/openjpeg2	deb	debian	13	>=2.5.0-2	Not yet available
debian/openjpeg2	deb	debian	11	>=2.4.0-3	Not yet available
debian/openjpeg2	deb	debian	unstable	>=2.5.0-2	Not yet available
debian/openjpeg2	deb	debian	10	>=2.3.0-2+deb10u2	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

6 years ago

UPDATED

3 years ago

SOURCE IDCVE-2018-16375⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-787⁠

CVSS SCORE

8.8high

ubuntu

CREATED

6 years ago

UPDATED

1 month ago

SOURCE IDCVE-2018-16375⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.8medium

redhat

CREATED

6 years ago

UPDATED

10 months ago

SOURCE IDCVE-2018-16375⁠

EXPLOITABILITY SCORE

1.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-122⁠

CVSS SCORE

7medium

suse

CREATED

6 years ago

UPDATED

8 months ago

SOURCE IDCVE-2018-16375⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.4medium