CVE-2017-14040 — Out-of-bounds Write in Openjpeg

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 24.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Openjpeg Project Openjpeg2 Debian Linux Uclouvain Openjpeg

Timeline

PublishedAug 30

Latest updateMay 13

Description

An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶Debianthe_openjpeg_project/openjpeg2< 2.3.0-1+3

▶NVDuclouvain/openjpeg2.2.0

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: blogs.gentoo.org ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-gmcw-2p5w-8j4p: An invalid write access was discovered in bin/jp2/convert↗2022-05-13

▶

CVEList

CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert↗2017-08-30

▶

OSV

CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert↗2017-08-30

▶

📋Vendor Advisories

Red Hat

openjpeg: Invalid write access in bin/jp2/convert.c↗2017-08-31

▶

Debian

CVE-2017-14040: openjpeg2 - An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, t...↗2017

▶

💬Community

Bugzilla

CVE-2017-14040 CVE-2017-14041 openjpeg2: various flaws [fedora-all]↗2017-08-31

▶

Bugzilla

CVE-2017-14040 CVE-2017-14041 mingw-openjpeg: various flaws [fedora-all]↗2017-08-31

▶

Bugzilla

CVE-2017-14040 CVE-2017-14041 openjpeg: various flaws [fedora-all]↗2017-08-31

▶

Bugzilla

CVE-2017-14040 openjpeg: Invalid write access in bin/jp2/convert.c↗2017-08-31

▶

Bugzilla

CVE-2017-14040 CVE-2017-14041 openjpeg2: various flaws [epel-all]↗2017-08-31

▶