CVE-2017-12982

Name of the Vulnerable Software and Affected Versions OpenJPEG version 2.2.0

Description The issue is related to the bmp read info header function, which does not properly handle headers with a zero biBitCount, leading to a denial of service due to memory allocation failure in the opj image create function. This is connected to the opj aligned alloc n function in opj malloc.c.

Recommendations For OpenJPEG version 2.2.0, consider applying a patch or fix that properly rejects headers with a zero biBitCount to prevent memory allocation failures. At the moment, there is no information about a newer version that contains a fix for this vulnerability.