Buffer Allocation Flaw in OpenJPEG2 Affects Large Input Directories
CVE-2022-1122

5.5MEDIUM

Key Information:

Vendor

Uclouvain

Status
Openjpeg2
Vendor
CVE Published:
29 March 2022

What is CVE-2022-1122?

A flaw exists in the opj2_decompress function within OpenJPEG2 version 2.4.0, where handling directories containing a large number of files leads to failure in allocating necessary buffers. This mismanagement causes an attempted free operation on an uninitialized pointer, triggering a segmentation fault. Consequently, this results in a denial of service, interrupting the normal functioning of the application when processing large input directories.

Affected Version(s)

openjpeg2 openjpeg2 version 2.4.0 and prior

References

https://github.com/uclouvain/openjpeg/issues/1368
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2022/04/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.