CVE-2018-5785
Description
Integer overflow in OpenJPEG 2.3.0's opj_j2k_setup_encoder allows denial of service via crafted BMP file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in OpenJPEG 2.3.0's opj_j2k_setup_encoder allows denial of service via crafted BMP file.
Vulnerability
In OpenJPEG 2.3.0, the opj_j2k_setup_encoder function in openjp2/j2k.c contains an integer overflow caused by an out-of-bounds left shift. The shift exponent 4294967295 (0xFFFFFFFF) is too large for a 32-bit int type, leading to undefined behavior. This code path is reachable when processing a specially crafted BMP file using the opj_compress tool [2].
Exploitation
An attacker can trigger the vulnerability by supplying a malicious BMP file to opj_compress. No authentication or special network position is required; the file can be delivered remotely (e.g., via email, download). The crash occurs during encoding setup, as demonstrated by running bin/opj_compress -n 1 -i $POC -o OUTPUT with the proof-of-concept file [2].
Impact
Successful exploitation causes a denial of service (application crash). The description and references confirm only a DoS impact; no remote code execution or information disclosure is associated with this CVE [1][2].
Mitigation
The vulnerability is fixed in later versions of OpenJPEG. Ubuntu addressed it in USN-4109-1 (August 2019) [1]. Users should upgrade to a patched release. No workaround is documented, and the CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
28- osv-coords27 versionspkg:rpm/almalinux/openjpeg2pkg:rpm/almalinux/openjpeg2-develpkg:rpm/almalinux/openjpeg2-devel-docspkg:rpm/almalinux/openjpeg2-toolspkg:rpm/opensuse/openjpeg2&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/openjpeg2&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/openjpeg2&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/openjpeg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/openjpeg2&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/openjpeg2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/openjpeg2&distro=SUSE%20Manager%20Server%204.1
< 2.4.0-4.el8+ 26 more
- (no CPE)range: < 2.4.0-4.el8
- (no CPE)range: < 2.4.0-4.el8
- (no CPE)range: < 2.4.0-4.el8
- (no CPE)range: < 2.4.0-4.el8
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
- (no CPE)range: < 2.3.0-150000.3.5.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3- usn.ubuntu.com/4109-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2019/dsa-4405mitrevendor-advisoryx_refsource_DEBIAN
- github.com/uclouvain/openjpeg/issues/1057mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.