{"id":"CVE-2019-12973","details":"In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.","modified":"2026-05-17T11:54:31.421379610Z","published":"2019-06-26T18:15:10.120Z","related":["ALSA-2021:4251","SUSE-SU-2019:2460-1","SUSE-SU-2019:2478-1","openSUSE-SU-2019:2222-1","openSUSE-SU-2019:2223-1","openSUSE-SU-2024:10783-1","openSUSE-SU-2024:11120-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}]},{"vendor_product":"opensuse:leap","cpes":["cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"15.0"},{"last_affected":"15.1"}]},{"vendor_product":"oracle:database_server","cpes":["cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"18c"}]},{"vendor_product":"oracle:outside_in_technology","cpes":["cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.5.4"},{"last_affected":"8.5.5"}]}]},"references":[{"type":"WEB","url":"https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/108900"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202101-29"},{"type":"ADVISORY","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}