CVE-2017-17479Out-of-bounds Write in Openjpeg

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow14 documents8 sources
Severity
9.8CRITICALNVD
EPSS
5.4%
top 9.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
THE Openjpeg Project Openjpeg2Uclouvain Openjpeg
Timeline
PublishedDec 8
Latest updateOct 7

Description

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Debianthe_openjpeg_project/openjpeg2< 2.3.0-2+3

🔴Vulnerability Details

4
OSV
openjpeg vulnerabilities2022-10-07
GHSA
GHSA-4x4h-5jqj-88gh: In OpenJPEG 22022-05-14
CVEList
CVE-2017-17479: In OpenJPEG 22017-12-08
OSV
CVE-2017-17479: In OpenJPEG 22017-12-08

📋Vendor Advisories

3
Ubuntu
OpenJPEG vulnerabilities2022-10-07
Red Hat
openjpeg: Stack-buffer overflow in the pgxtoimage function2017-12-08
Debian
CVE-2017-17479: openjpeg2 - In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimag...2017

💬Community

6
Bugzilla
CVE-2017-17479 openjpeg: Stack-buffer overflow in the pgxtoimage function2017-12-12
Bugzilla
CVE-2017-14039 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 openjpeg2: various flaws [fedora-all]2017-09-01
Bugzilla
CVE-2017-14039 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 mingw-openjpeg2: various flaws [fedora-all]2017-09-01
Bugzilla
CVE-2017-14039 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 mingw-openjpeg: various flaws [fedora-all]2017-09-01
Bugzilla
CVE-2017-14039 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 openjpeg2: various flaws [epel-all]2017-09-01
CVE-2017-17479 — Out-of-bounds Write in Openjpeg | cvebase