CVE-2017-14041

A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

References

Affected packages

Git / github.com/uclouvain/openjpeg

Affected ranges

Type: GIT
Repo: https://github.com/uclouvain/openjpeg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e5285319229a5d77bf316bb0d3a6cbd3cb8666d9

Affected versions

v2.*

v2.2.0

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9",
            "signature_type": "Line",
            "target": {
                "file": "src/bin/jp2/convert.c"
            },
            "id": "CVE-2017-14041-0ed3cf36",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "93327303174376407343072571110831778964",
                    "333840381891782575213518495759404999871",
                    "239148697901479194340405002524923251242",
                    "126254955518562231447846272145976482727"
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "source": "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9",
            "signature_type": "Function",
            "target": {
                "file": "src/bin/jp2/convert.c",
                "function": "pgxtoimage"
            },
            "id": "CVE-2017-14041-92b58e54",
            "digest": {
                "function_hash": "62236416517242072582975319192377518961",
                "length": 2972.0
            },
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}