Out-of-Bounds Write Vulnerability in OpenJPEG by UCLouvain
CVE-2017-14152

8.8HIGH

Key Information:

Vendor

Uclouvain

Status
Openjpeg
Vendor
CVE Published:
5 September 2017

What is CVE-2017-14152?

A mishandled scenario in the opj_j2k_set_cinema_parameters function of OpenJPEG can cause an out-of-bounds write. This vulnerability leads to a heap-based buffer overflow in essential functions within the library, like opj_write_bytes_LE and opj_j2k_write_sot, potentially enabling remote denial of service or even remote code execution. It highlights a significant risk for users of OpenJPEG 2.2.0 due to improper handling of zero cases.

References

http://www.debian.org/security/2017/dsa-4013
vendor-advisoryx_refsource_DEBIAN
https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1...
x_refsource_MISC
https://github.com/uclouvain/openjpeg/issues/985
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.