Description
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
A heap-based buffer overflow has been discovered in OpenJPEG in the function color_apply_icc_profile, while applying the color transformation. An application that uses OpenJPEG to parse untrusted images may be vulnerable to this flaw, which would allow an attacker to crash the application or potentially execute code.
Mitigation
If the application accepts untrusted images, there is no known mitigation apart from applying the patch.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | openjpeg | Not affected | | |
| Red Hat Enterprise Linux 7 | openjpeg | Will not fix | | |
| Red Hat Enterprise Linux 7 | openjpeg2 | Not affected | | |
| Red Hat Enterprise Linux 8 | openjpeg2 | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 8.1 High
Related vulnerabilities
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
A vulnerability in the color_apply_icc_profile function (bin/common/color.c) of the OpenJPEG encoding and decoding library that allows an attacker to gain access to confidential data, violate its integrity, and cause a denial of service