Invalid Write Access Vulnerability in OpenJPEG by UCLouvain
CVE-2017-14040

8.8HIGH

Key Information:

Vendor

Uclouvain

Status
Openjpeg
Vendor
CVE Published:
30 August 2017

What is CVE-2017-14040?

An invalid write access vulnerability was identified in OpenJPEG 2.2.0 within the bin/jp2/convert.c file, specifically in the tgatoimage function. This flaw can lead to a crash of the application, resulting in a potential remote denial of service scenario while also posing risks of unspecified other impacts. Users are advised to apply the latest security patches to mitigate the risks associated with this vulnerability.

References

https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-...
x_refsource_MISC
https://github.com/uclouvain/openjpeg/issues/995
x_refsource_MISC
http://www.debian.org/security/2017/dsa-4013
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.