LingalaShalini / openjpeg-2.3.0_before_fix

0 stars 0 forks source link

CVE-2023-52356 (High) detected in openjpegv2.3.0 #77

Open mend-bolt-for-github[bot] opened 9 months ago

mend-bolt-for-github[bot] commented 9 months ago

CVE-2023-52356 - High Severity Vulnerability

Vulnerable Library - openjpegv2.3.0

Official repository of the OpenJPEG project

Library home page: https://github.com/uclouvain/openjpeg.git

Found in HEAD commit: 3501163dd1d68645efcce586f29683574a46c95f

Found in base branch: master

Vulnerable Source Files (1)

/thirdparty/libtiff/tif_getimage.c

Vulnerability Details

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

Publish Date: 2024-01-25

URL: CVE-2023-52356

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.


Step up your Open Source Security Game with Mend here