VDB
CVE-2019-6988
CVE-2019-6988
PUBLISHED
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.
EPSS 0.33% · 56.0th percentile
Risk Scores
EPSS Score
0.33%
56.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | openjpeg2 | 2.3.1-1ubuntu5, 0, 2.4.0-6ubuntu0.2 |
| Ubuntu:24.04:LTS | openjpeg2 | 2.5.0-2ubuntu0.3, 2.5.0-2ubuntu0.2, 2.5.0-2build3 |
| Ubuntu:25.10 | openjpeg2 | 0, 2.5.3-2.1, 2.5.3-2 |
| Ubuntu:Pro:20.04:LTS | openjpeg2 | 2.3.1-1ubuntu4.20.04.2, 2.3.1-1ubuntu4.20.04.3, 2.3.0-2build1 |
| Ubuntu:Pro:18.04:LTS | ghostscript | 0, 9.21~dfsg+1-0ubuntu3, 9.22~dfsg+1-0ubuntu1 |
| Ubuntu:Pro:16.04:LTS | ghostscript | *, 9.25~dfsg+1-0ubuntu0.16.04.3, 9.26~dfsg+0-0ubuntu0.16.04.1 |
| Ubuntu:Pro:18.04:LTS | openjpeg2 | 2.3.0-2+deb10u2ubuntu0.1~esm4, 2.3.0-2+deb10u2ubuntu0.1~esm3, 2.3.0-2+deb10u2ubuntu0.1~esm2 |
| Ubuntu:Pro:16.04:LTS | openjpeg2 | *, 2.1.2-1.1+deb9u6ubuntu0.1~esm6, 2.1.2-1.1+deb9u6ubuntu0.1~esm4 |
Exploit Intelligence
Timeline
- Jan 28, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-6988 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-6988 third-party-advisory
- https://github.com/uclouvain/openjpeg/issues/1178#issuecomment-1789970548 third-party-advisory
- Multiples vulnérabilités dans VMware Tanzu advisory