A mishandled zero case was discovered in opjj2ksetcinemaparameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opjwritebytesLE in lib/openjp2/cio.c and opjj2kwritesot in lib/openjp2/j2k.c) or possibly remote code execution.
{ "vanir_signatures": [ { "digest": { "function_hash": "105578645563622443314201371290624258268", "length": 4254.0 }, "signature_type": "Function", "source": "https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154", "target": { "file": "src/lib/openjp2/j2k.c", "function": "opj_j2k_set_cinema_parameters" }, "signature_version": "v1", "deprecated": false, "id": "CVE-2017-14152-63ba3a6a" }, { "digest": { "threshold": 0.9, "line_hashes": [ "308025005294281653213076019752667815494", "227065759029890441679024896706262992106", "42882790499261636378281001273947051781", "219213369951758199751590784242710604146", "31827173989958076832903918781636325788", "334469496896688177254746696826643438638", "217005007046643028851499425417139786874" ] }, "signature_type": "Line", "source": "https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154", "target": { "file": "src/lib/openjp2/j2k.c" }, "signature_version": "v1", "deprecated": false, "id": "CVE-2017-14152-ca23623d" } ] }