Bug 1083901 - (CVE-2018-7648) VUL-1: CVE-2018-7648: openjpeg2: An issue was discovered in mj2/opj_mj2_extract.c. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P5 - None : Normal
Assigned To: Hans Petter Jansson
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/201134/
Whiteboard: CVSSv3:RedHat:CVE-2018-7648:3.3:(AV:...
Reported: 2018-03-05 08:18 UTC by Karol Babioch
Modified: 2019-04-03 21:20 UTC (History)
Found By: Security Response Team
Description Karol Babioch 2018-03-05 08:18:29 UTC
CVE-2018-7648

An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output
prefix was not checked for length, which could overflow a buffer, when providing
a prefix with 50 or more characters on the command line.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7648
http://www.cvedetails.com/cve/CVE-2018-7648/
https://github.com/kbabioch/openjpeg/commit/6d8c0c06ee32dc03ba80acd48334e98728e56cf5
https://github.com/uclouvain/openjpeg/issues/1088
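
An added example (not code from OpenJPEG or from the referenced commit) of the length check the description says was missing: the output name is built with a bounded formatter and a prefix that does not fit is rejected instead of truncated. The 50-byte buffer is assumed from the 50-character threshold in the CVE text; the `_%05u.j2k` name format and the helper names are hypothetical. Under these assumptions the appended suffix also counts against the buffer, so the limit on the prefix is lower than the buffer size.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 50-byte name buffer, taken from the 50-character threshold in the CVE text. */
#define OUT_NAME_SIZE 50

/* Hypothetical helper: writes "<prefix>_<5-digit frame>.j2k" into dst.
 * Returns 0 on success, -1 if the name does not fit (dst is then left empty). */
static int build_frame_name(char *dst, size_t dst_size,
                            const char *prefix, unsigned frame)
{
    int needed;

    if (dst == NULL || dst_size == 0 || prefix == NULL)
        return -1;

    /* snprintf writes at most dst_size bytes and returns the length the
     * complete string would have had, not counting the terminating NUL. */
    needed = snprintf(dst, dst_size, "%s_%05u.j2k", prefix, frame);
    if (needed < 0 || (size_t)needed >= dst_size) {
        dst[0] = '\0';              /* refuse a truncated name */
        return -1;
    }
    return 0;
}

/* Longest prefix that still fits once the suffix for this frame is appended. */
static size_t max_prefix_len(size_t dst_size, unsigned frame)
{
    char suffix[32];
    int n = snprintf(suffix, sizeof suffix, "_%05u.j2k", frame);

    if (n < 0 || (size_t)n + 1 > dst_size)
        return 0;
    return dst_size - 1 - (size_t)n;
}

int main(int argc, char **argv)
{
    char name[OUT_NAME_SIZE];

    if (argc < 2 || build_frame_name(name, sizeof name, argv[1], 0) != 0) {
        fprintf(stderr, "missing or too long prefix (max %zu characters)\n",
                max_prefix_len(sizeof name, 0));
        return 1;
    }
    puts(name);
    return 0;
}
```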
Comment 1 Karol Babioch 2018-03-05 08:18:50 UTC
Our packages are built with -DBUILD_MJ2:BOOL=OFF (default), so this is not a problem for us.
Comment 2 Swamp Workflow Management 2019-04-03 21:20:16 UTC
This is an autogenerated message for OBS integration:
This bug (1083901) was mentioned in
https://build.opensuse.org/request/show/691318 Factory / openjpeg2