[3.8] openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)
In OpenJPEG 2.3.0, there is an integer overflow caused by an
out-of-bounds left shift in the opj_j2k_setup_encoder function
(openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
(from redmine: issue id 10095, created on 2019-03-12, closed on 2019-03-19)
- parent #10092 (closed)
- Revision aed331f6 by Francesco Colista on 2019-03-14T17:17:34Z:
main/openjpeg: security fixes - CVE-2018-5785 this commit fixes #10095