Out-of-Bounds Write Vulnerability in OpenJPEG 2.2.0
CVE-2017-14164

8.8HIGH

Key Information:

Vendor

Uclouvain

Status
Openjpeg
Vendor
CVE Published:
6 September 2017

What is CVE-2017-14164?

An out-of-bounds write vulnerability was identified in the opj_j2k_write_sot function in OpenJPEG 2.2.0. This flaw can cause heap-based buffer overflows during processing, leading to potential remote denial of service or, in certain cases, remote code execution. The issue arises from inadequate validation of size parameters, making it possible for attackers to exploit the vulnerability. This flaw is notably linked to a previous incomplete fix associated with another vulnerability.

References

https://security.gentoo.org/glsa/201710-26
vendor-advisoryx_refsource_GENTOO
https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer...
x_refsource_MISC
http://www.securityfocus.com/bid/100677
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.