[3.8] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616)
CVE-2018-14423: Division-by-zero vulnerabilities in the functions
pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in
in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-6616: In OpenJPEG 2.3.0, there is excessive iteration in
the opj_t1_encode_cblks function of openjp2/t1.c. Remote
attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
(from redmine: issue id 9798, created on 2018-12-27, closed on 2019-01-01)
- parent #9796 (closed)
- Revision 12fd347f by Francesco Colista on 2019-01-01T07:42:26Z:
main/openjpeg: security fixes - CVE-2018-14423 - CVE-2018-6616 this commit fixes #9798