Open mend-bolt-for-github[bot] opened 1 month ago
Open Source Computer Vision Library
Library home page: https://github.com/opencv/opencv.git
Found in HEAD commit: 7669a0a8c21b0af9a1d641e5e76d43681bb5d0ab
Found in base branch: main
/3rdparty/openjpeg/openjp2/opj_malloc.c /3rdparty/openjpeg/openjp2/opj_malloc.c /3rdparty/openjpeg/openjp2/opj_malloc.c
A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.
Publish Date: 2024-07-09
URL: CVE-2023-39328
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Release Date: 2024-07-09
Fix Resolution: b287b27a87ecfbbd3b1206b17269d19e76a1b467
Step up your Open Source Security Game with Mend here
CVE-2023-39328 - Medium Severity Vulnerability
Vulnerable Library - opencv4.5.5
Open Source Computer Vision Library
Library home page: https://github.com/opencv/opencv.git
Found in HEAD commit: 7669a0a8c21b0af9a1d641e5e76d43681bb5d0ab
Found in base branch: main
Vulnerable Source Files (3)
/3rdparty/openjpeg/openjp2/opj_malloc.c /3rdparty/openjpeg/openjp2/opj_malloc.c /3rdparty/openjpeg/openjp2/opj_malloc.c
Vulnerability Details
A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.
Publish Date: 2024-07-09
URL: CVE-2023-39328
CVSS 3 Score Details (5.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2024-07-09
Fix Resolution: b287b27a87ecfbbd3b1206b17269d19e76a1b467
Step up your Open Source Security Game with Mend here