LingalaShalini / openjpeg-2.3.0_before_fix

0 stars 0 forks source link

CVE-2023-2731 (Medium) detected in openjpegv2.3.0 #72

Open mend-bolt-for-github[bot] opened 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2023-2731 - Medium Severity Vulnerability

Vulnerable Library - openjpegv2.3.0

Official repository of the OpenJPEG project

Library home page: https://github.com/uclouvain/openjpeg.git

Found in base branch: master

Vulnerable Source Files (1)

/thirdparty/libtiff/tif_lzw.c

Vulnerability Details

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.

Publish Date: 2023-05-17

URL: CVE-2023-2731

CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.


Step up your Open Source Security Game with Mend here