CVE-2018-7648 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-7648 Interim 1 16 2025-11-05T03:33:18Z current 2021-05-30T14:11:32Z 2025-11-05T03:33:18Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-7648 An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP3 openSUSE Tumbleweed libopenjp2-7 libopenjp2-7-2.4.0-1.4 libopenjp2-7-2.5.3-160000.2.2 libopenjp2-7-32bit libopenjp2-7-32bit-2.4.0-1.4 libopenjp2-7-x86-64-v3-2.5.3-160000.2.2 openjpeg2 openjpeg2-2.4.0-1.4 openjpeg2-2.5.3-160000.2.2 openjpeg2-devel openjpeg2-devel-2.4.0-1.4 openjpeg2-devel-2.5.3-160000.2.2 openjpeg2-devel-doc-2.4.0-1.4 openjpeg2-devel-doc-2.5.3-160000.2.2 libopenjp2-7-2.5.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 libopenjp2-7-x86-64-v3-2.5.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 openjpeg2-2.5.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 openjpeg2-devel-2.5.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 openjpeg2-devel-doc-2.5.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 libopenjp2-7-2.4.0-1.4 as a component of openSUSE Tumbleweed libopenjp2-7-32bit-2.4.0-1.4 as a component of openSUSE Tumbleweed openjpeg2-2.4.0-1.4 as a component of openSUSE Tumbleweed openjpeg2-devel-2.4.0-1.4 as a component of openSUSE Tumbleweed openjpeg2-devel-doc-2.4.0-1.4 as a component of openSUSE Tumbleweed libopenjp2-7 as a component of SUSE Linux Enterprise Desktop 12 SP2 openjpeg2 as a component of SUSE Linux Enterprise Desktop 12 SP2 libopenjp2-7 as a component of SUSE Linux Enterprise Desktop 12 SP3 openjpeg2 as a component of SUSE Linux Enterprise Desktop 12 SP3 libopenjp2-7 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS libopenjp2-7-32bit as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS openjpeg2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS openjpeg2-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS libopenjp2-7 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 openjpeg2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 openjpeg2-devel as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 libopenjp2-7 as a component of SUSE Linux Enterprise Server 12 SP2 openjpeg2 as a component of SUSE Linux Enterprise Server 12 SP2 libopenjp2-7 as a component of SUSE Linux Enterprise Server 12 SP3 openjpeg2 as a component of SUSE Linux Enterprise Server 12 SP3 libopenjp2-7 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS openjpeg2 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. CVE-2018-7648 SUSE Linux Enterprise Server 16.0:libopenjp2-7-2.5.3-160000.2.2 SUSE Linux Enterprise Server 16.0:libopenjp2-7-x86-64-v3-2.5.3-160000.2.2 SUSE Linux Enterprise Server 16.0:openjpeg2-2.5.3-160000.2.2 SUSE Linux Enterprise Server 16.0:openjpeg2-devel-2.5.3-160000.2.2 SUSE Linux Enterprise Server 16.0:openjpeg2-devel-doc-2.5.3-160000.2.2 openSUSE Tumbleweed:libopenjp2-7-2.4.0-1.4 openSUSE Tumbleweed:libopenjp2-7-32bit-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-2.4.0-1.4 openSUSE Tumbleweed:openjpeg2-devel-doc-2.4.0-1.4 SUSE Linux Enterprise Desktop 12 SP2:libopenjp2-7 SUSE Linux Enterprise Desktop 12 SP2:openjpeg2 SUSE Linux Enterprise Desktop 12 SP3:libopenjp2-7 SUSE Linux Enterprise Desktop 12 SP3:openjpeg2 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopenjp2-7 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopenjp2-7-32bit SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:openjpeg2 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:openjpeg2-devel SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenjp2-7 SUSE Linux Enterprise Module for Basesystem 15 SP3:openjpeg2 SUSE Linux Enterprise Module for Basesystem 15 SP3:openjpeg2-devel SUSE Linux Enterprise Server 12 SP2:libopenjp2-7 SUSE Linux Enterprise Server 12 SP2:openjpeg2 SUSE Linux Enterprise Server 12 SP3:libopenjp2-7 SUSE Linux Enterprise Server 12 SP3:openjpeg2 SUSE Linux Enterprise Server 12 SP4-LTSS:libopenjp2-7 SUSE Linux Enterprise Server 12 SP4-LTSS:openjpeg2 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H