CVE-2018-6616 (https://nvd.nist.gov/vuln/detail/CVE-2018-6616): In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. CVE-2018-5785 (https://nvd.nist.gov/vuln/detail/CVE-2018-5785): In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. CVE-2018-5727 (https://nvd.nist.gov/vuln/detail/CVE-2018-5727): In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
x86 stable
arm64 stable
sparc stable
arm stable
amd64 stable
s390 stable
ppc stable
ppc64 stable
ia64 stable
alpha stable
hppa stable
@maintainer(s), please clean 2.3.0-r1