View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-6616 severity moderate: SUSE including 67 source package names (0.3.2-1.2:libopenjp2-7-2.3.0-150000.3.5.1, 0.3.32-3.4:libopenjp2-7-2.3.0-150000.3.5.1, …), 265 product×package rows across 86 product lines (Container containers/lmcache-vllm-openai, Container containers/open-webui, … (86 product lines)): Fixed 149, Known Not Affected 116.
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.