Mend Vulnerability Database

Vulnerability DatabaseCVE-2019-12973

CVE-2019-12973

Published:June 26, 2019

Updated:May 17, 2026

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.

Related Resources (13)

https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503

https://access.redhat.com/security/cve/CVE-2019-12973

https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html

http://www.securityfocus.com/bid/108900

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com//security-alerts/cpujul2021.html

https://security-tracker.debian.org/tracker/CVE-2019-12973

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html

https://security.alpinelinux.org/vuln/CVE-2019-12973

https://security.gentoo.org/glsa/202101-29

https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3

https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12973

Do you need more information?

CVSS v4

Base Score:

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

Excessive Iteration

CWE-834

EPSS

Base Score:

0.05