Bug 1670982 (CVE-2019-6988) - CVE-2019-6988 openjpeg: DoS via memory exhaustion in opj_decompress
Summary: CVE-2019-6988 openjpeg: DoS via memory exhaustion in opj_decompress
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-6988
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1670983
Blocks: 1670984
TreeView+ depends on / blocked
 
Reported: 2019-01-30 13:06 UTC by Dhananjay Arunesh
Modified: 2019-09-29 15:06 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-02-01 05:33:03 UTC


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-01-30 13:06:12 UTC
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a
denial of service (attempted excessive memory allocation) in opj_calloc in
openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as
demonstrated by the 64-bit opj_decompress.

References:

https://github.com/uclouvain/openjpeg/issues/1178

Comment 1 Dhananjay Arunesh 2019-01-30 13:06:22 UTC
Created openjpeg tracking bugs for this issue:

Affects: fedora-all [bug 1670983]

Comment 2 Huzaifa S. Sidhpurwala 2019-01-31 04:56:20 UTC
Analysis:

This is essentially a memory exhaustion flaw in the way, the decompressor allocates memory, caused by specially-crafted JPEG2000 file headers. The only impact of this flaw is machine hang, depending on the amount of memory available on the system.


Note You need to log in before you can comment on or make changes to this bug.