CVE-2017-12982
published 2017-08-21CVE-2017-12982: The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openjpeg2 | < openjpeg2 2.3.0-1 (bookworm) | openjpeg2 2.3.0-1 (bookworm) |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.3.0-1 | 2.3.0-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.3.0-1 | 2.3.0-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.3.0-1 | 2.3.0-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.3.0-1 | 2.3.0-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.1.2-1.1+deb9u6ubuntu0.1~esm1 | 2.1.2-1.1+deb9u6ubuntu0.1~esm1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.3.0-2ubuntu0.1~esm1 | 2.3.0-2ubuntu0.1~esm1 |
| uclouvain | openjpeg | < 2.3.0 | 2.3.0 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM