PT-2017-13282 · Openjpeg+1 · Openjpeg+1

Asarubbo

Published

2017-09-05

Updated

2021-02-02

CVE-2017-14151

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenJPEG version 2.2.0

Description A heap-based buffer overflow issue was found due to an off-by-one error in the opj tcd code block enc allocate data function, potentially leading to remote denial of service or possibly remote code execution. The issue affects the opj mqc flush function in lib/openjp2/mqc.c and the opj t1 encode cblk function in lib/openjp2/t1.c.

Recommendations For OpenJPEG version 2.2.0, consider updating to a newer version that contains a fix for this issue, as the current version may allow for remote denial of service or possibly remote code execution due to the heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2017-2388

CVE-2017-14151

DSA-4013-1

OPENSUSE-SU-2024:11120-1

Affected Products

Alt Linux

Openjpeg

PT-2017-13282 · Openjpeg+1 · Openjpeg+1

CVE-2017-14151

Weakness Enumeration

Related Identifiers

Affected Products

References · 37