suse · CVE-2018-6616

Quick triage

Priority: medium Published: 2021-05-30 14:10:49 UTC Updated: 2026-04-17 15:32:18 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-6616 severity moderate: SUSE including 67 source package names (0.3.2-1.2:libopenjp2-7-2.3.0-150000.3.5.1, 0.3.32-3.4:libopenjp2-7-2.3.0-150000.3.5.1, …), 265 product×package rows across 86 product lines (Container containers/lmcache-vllm-openai, Container containers/open-webui, … (86 product lines)): Fixed 149, Known Not Affected 116.

Description:

In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

cvelogic Threat Intelligence