{"id":"CVE-2018-7648","details":"An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.","modified":"2026-04-11T14:11:09.030978Z","published":"2018-03-02T16:29:00.213Z","related":["openSUSE-SU-2024:11120-1"],"references":[{"type":"REPORT","url":"https://github.com/uclouvain/openjpeg/issues/1088"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"last_affected":"081de4b15f54cb4482035b7bf5e3fb443e4bc84b"},{"fixed":"cc3824767bde397fedb8a1ae4786a222ba860c8d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.0"}]}}],"versions":["v2.2.0","v2.3.0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"target":{"file":"src/bin/mj2/opj_mj2_extract.c"},"source":"https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d","digest":{"threshold":0.9,"line_hashes":["320682276623054871944337876216980139907","263881287619099284430256011721633502297","2848672890557279726117555643167944211","181734107993385793232230324283849354312","303973254535423105423398004318675394013","185316987648347462227752028736580492744","146381316644439753433409365344195423450"]},"id":"CVE-2018-7648-411c3d8d","signature_version":"v1","signature_type":"Line"},{"deprecated":false,"target":{"function":"main","file":"src/bin/mj2/opj_mj2_extract.c"},"source":"https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d","digest":{"length":1790,"function_hash":"18908964000435985548001782315975091160"},"id":"CVE-2018-7648-9adc509c","signature_version":"v1","signature_type":"Function"}],"vanir_signatures_modified":"2026-04-11T14:11:09Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7648.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}