CVE-2017-14041

A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

References

Affected packages

Git / github.com/uclouvain/openjpeg

Affected ranges

Type: GIT
Repo: https://github.com/uclouvain/openjpeg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e5285319229a5d77bf316bb0d3a6cbd3cb8666d9

Affected versions

v2.*

v2.2.0

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "target": {
            "file": "src/bin/jp2/convert.c"
        },
        "source": "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "93327303174376407343072571110831778964",
                "333840381891782575213518495759404999871",
                "239148697901479194340405002524923251242",
                "126254955518562231447846272145976482727"
            ]
        },
        "deprecated": false,
        "id": "CVE-2017-14041-0ed3cf36",
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "pgxtoimage",
            "file": "src/bin/jp2/convert.c"
        },
        "source": "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9",
        "digest": {
            "function_hash": "62236416517242072582975319192377518961",
            "length": 2972.0
        },
        "deprecated": false,
        "id": "CVE-2017-14041-92b58e54",
        "signature_version": "v1"
    }
]