PT-2021-7386 · Openjpeg+11

Nigelxo · Published 2021-03-24 · Updated 2025-04-02 · CVE-2021-29338

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

OpenJPEG version 2.4.0

Description

The issue is related to an integer overflow in OpenJPEG, which can be triggered by a remote attacker using the command line option "-ImgDir" on a directory containing a large number of files, specifically 1048576 files. This can cause the application to crash, resulting in a Denial of Service (DoS). The vulnerability is associated with incorrect handling of a directory with a large number of files.

Recommendations

For OpenJPEG version 2.4.0, consider avoiding the use of the "-ImgDir" command line option on directories with a large number of files until a patch is available. As a temporary workaround, restrict the number of files in the directory to prevent the integer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
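
The arithmetic behind the 1048576-file threshold, as an added example that is not OpenJPEG's own code: it contrasts an unchecked 32-bit size computation with an overflow-checked one. The 4096-byte per-file name slot, the 32-bit width and all function names are assumptions made for illustration and are not stated on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed fixed buffer slot per file name (not stated on the page). */
#define PATH_SLOT_LEN 4096u

/* Unchecked pattern: the product is reduced modulo 2^32, so a large
 * enough file count yields a buffer far smaller than needed. */
uint32_t slot_bytes_unchecked32(uint32_t num_files)
{
    return num_files * PATH_SLOT_LEN;
}

/* Checked pattern: reject the count before multiplying.
 * Returns 0 and stores the byte count, or -1 on zero/overflow. */
int slot_bytes_checked(uint32_t num_files, uint32_t *out)
{
    if (num_files == 0 || num_files > UINT32_MAX / PATH_SLOT_LEN)
        return -1;
    *out = num_files * PATH_SLOT_LEN;
    return 0;
}

/* Allocate the name table only when the size is representable. */
char *alloc_name_table(uint32_t num_files)
{
    uint32_t bytes;
    if (slot_bytes_checked(num_files, &bytes) != 0)
        return NULL;               /* caller must treat this as an error */
    return malloc(bytes);          /* may still be NULL if memory is short */
}

int main(void)
{
    /* Constructed sample counts around the threshold named in the advisory. */
    uint32_t counts[] = { 1000u, 1048575u, 1048576u };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        uint32_t ok_bytes = 0;
        int rc = slot_bytes_checked(counts[i], &ok_bytes);
        printf("files=%u unchecked=%u checked=%s\n",
               (unsigned)counts[i],
               (unsigned)slot_bytes_unchecked32(counts[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Under these assumptions 1048576 × 4096 equals 2^32, so the unchecked size wraps to 0 while the checked version refuses the directory.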

Exploit

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2021:4251
ALT-PU-2022-1865
ALT-PU-2022-1892
AZL-44442
BDU:2022-05920
CESA-2021_4251
CVE-2021-29338
DLA-2975-1
DLA-4107-1
MGASA-2021-0216
OESA-2021-1363
OPENSUSE-SU-2022_1252-1
OPENSUSE-SU-2022_1296-1
OPENSUSE-SU-2024:13571-1
RHSA-2021:4251
RHSA-2021_4251
RLSA-2021:4251
ROSA-SA-2024-2537
SUSE-SU-2022:1129-1
SUSE-SU-2022:1252-1
SUSE-SU-2022:1296-1
USN-7083-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Openjpeg
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu