Skip to main content

Openjpeg CVE-2018-18088

MEDIUM
NULL Pointer Dereference (CWE-476)
2018-10-09 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 09, 2018 - 20:29 nvd
MEDIUM 6.5

DescriptionNVD

OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c

AnalysisAI

OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c Affected products include: Uclouvain Openjpeg, Debian Debian Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2013-4290 CRITICAL POC
10.0 Apr 18

Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vect

CVE-2017-14164 HIGH POC
8.8 Sep 06

A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. Rated high severity

CVE-2020-8112 HIGH POC
8.8 Jan 28

opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in th

CVE-2016-7445 HIGH POC
7.5 Oct 03

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and ap

CVE-2016-7163 HIGH POC
7.8 Sep 21

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary c

CVE-2016-8332 HIGH POC
7.5 Oct 28

A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. Rated high severity (C

CVE-2012-3535 MEDIUM POC
6.8 Sep 05

Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (applicati

CVE-2016-10504 MEDIUM POC
6.5 Aug 30

Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote

CVE-2016-9112 HIGH POC
7.5 Oct 29

Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.

CVE-2016-9114 HIGH POC
7.5 Oct 30

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. Rated high severity (CVS

CVE-2016-9113 HIGH POC
7.5 Oct 30

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. Rated high severity (C

CVE-2020-6851 HIGH POC
7.5 Jan 13

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack

Share

CVE-2018-18088 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy