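CVE-2017-14041: A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c (listed as src/bin/jp2/convert.c in the signature targets below) in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. Both signatures below name the upstream commit e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 as their source: a line-level signature for the file and a function-level signature for pgxtoimage. They are meant for checking whether a source tree still carries the unpatched code.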
{ "vanir_signatures": [ { "source": "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9", "signature_type": "Line", "target": { "file": "src/bin/jp2/convert.c" }, "id": "CVE-2017-14041-0ed3cf36", "digest": { "threshold": 0.9, "line_hashes": [ "93327303174376407343072571110831778964", "333840381891782575213518495759404999871", "239148697901479194340405002524923251242", "126254955518562231447846272145976482727" ] }, "deprecated": false, "signature_version": "v1" }, { "source": "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9", "signature_type": "Function", "target": { "file": "src/bin/jp2/convert.c", "function": "pgxtoimage" }, "id": "CVE-2017-14041-92b58e54", "digest": { "function_hash": "62236416517242072582975319192377518961", "length": 2972.0 }, "deprecated": false, "signature_version": "v1" } ] }