Stack-based Buffer Overflow in OpenJPEG 2.3.0 by UCLouvain
CVE-2017-17479

9.8CRITICAL

Key Information:

Vendor: Uclouvain
Status: Openjpeg
Vendor: CVE Published:; 8 December 2017

What is CVE-2017-17479?

In OpenJPEG 2.3.0, a stack-based buffer overflow is present in the pgxtoimage function within the jpwl/convert.c file. This flaw allows for an out-of-bounds write, which could result in denial of service or potentially facilitate remote code execution under certain circumstances. This vulnerability underscores the importance of vigilant coding practices and timely software updates.

References

https://github.com/uclouvain/openjpeg/issues/1044

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2017
Vulnerability Reserved
Dec 8, 2017

CVE-2017-17479 Data

JSON

Uclouvain

What is CVE-2017-17479?

References

EPSS Score

CVSS V3.1

Timeline