CVE-2017-17480Out-of-bounds Write in Openjpeg

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow14 documents8 sources
Severity
9.8CRITICALNVD
EPSS
3.9%
top 11.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
THE Openjpeg Project Openjpeg2Canonical Ubuntu LinuxDebian Linux+1 more
Timeline
PublishedDec 8
Latest updateMay 13

Description

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Debianthe_openjpeg_project/openjpeg2< 2.3.0-2+3
Ubuntuthe_openjpeg_project/openjpeg2< 2.3.0-2build0.18.04.1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 18.04

🔴Vulnerability Details

4
GHSA
GHSA-j9x9-9h4c-f6v6: In OpenJPEG 22022-05-13
OSV
openjpeg2 vulnerabilities2019-08-21
OSV
CVE-2017-17480: In OpenJPEG 22017-12-08
CVEList
CVE-2017-17480: In OpenJPEG 22017-12-08

📋Vendor Advisories

3
Ubuntu
OpenJPEG vulnerabilities2019-08-21
Red Hat
openjpeg: Stack-buffer overflow in the pgxtovolume function2017-12-08
Debian
CVE-2017-17480: openjpeg2 - In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolu...2017

💬Community

6
Bugzilla
CVE-2017-17480 openjpeg: Stack-buffer overflow in the pgxtovolume function2017-12-12
Bugzilla
CVE-2017-14039 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 openjpeg2: various flaws [fedora-all]2017-09-01
Bugzilla
CVE-2017-14039 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 mingw-openjpeg2: various flaws [fedora-all]2017-09-01
Bugzilla
CVE-2017-14039 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 mingw-openjpeg: various flaws [fedora-all]2017-09-01
Bugzilla
CVE-2017-14039 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 openjpeg2: various flaws [epel-all]2017-09-01
CVE-2017-17480 — Out-of-bounds Write in Openjpeg | cvebase