1670982 – (CVE-2019-6988) CVE-2019-6988 openjpeg: DoS via memory exhaustion in opj_decompress

Bug 1670982 (CVE-2019-6988) - CVE-2019-6988 openjpeg: DoS via memory exhaustion in opj_decompress

Summary: CVE-2019-6988 openjpeg: DoS via memory exhaustion in opj_decompress

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-6988
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1670983
Blocks:	1670984
TreeView+	depends on / blocked

Reported:	2019-01-30 13:06 UTC by Dhananjay Arunesh
Modified:	2019-09-29 15:06 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-02-01 05:33:03 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2019-01-30 13:06:12 UTC

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a
denial of service (attempted excessive memory allocation) in opj_calloc in
openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as
demonstrated by the 64-bit opj_decompress.

References:

https://github.com/uclouvain/openjpeg/issues/1178

Comment 1 Dhananjay Arunesh 2019-01-30 13:06:22 UTC

Created openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1670983]

Comment 2 Huzaifa S. Sidhpurwala 2019-01-31 04:56:20 UTC

Analysis:

This is essentially a memory exhaustion flaw in the way, the decompressor allocates memory, caused by specially-crafted JPEG2000 file headers. The only impact of this flaw is machine hang, depending on the amount of memory available on the system.

Note You need to log in before you can comment on or make changes to this bug.