Off-by-One Error in OpenJPEG Affects Remote Operations
CVE-2017-14151

8.8 HIGH

Key Information:

Vendor: Uclouvain

Status
Vendor
CVE Published: 5 September 2017

What is CVE-2017-14151?

An off-by-one error was identified in the function opj_tcd_code_block_enc_allocate_data in the OpenJPEG library, affecting version 2.2.0. The error leads to out-of-bounds writes that can cause heap-based buffer overflows, potentially affecting functions such as opj_mqc_flush and opj_t1_encode_cblk. The flaw may expose systems that use the library to denial of service or even remote code execution.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
