Out-of-bounds Write in openjpeg2

Do your applications use this vulnerable package? Test your applications

Overview

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

References

CVE Details
Debian Security Advisory
Debian Security Announcement
Debian Security Tracker
GitHub Issue
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-17480
CWE: CWE-787
Snyk ID: SNYK-DEBIAN9-OPENJPEG2-345798
Disclosed: 08 Dec, 2017
Published: 08 Dec, 2017

Out-of-bounds Write
Affecting openjpeg2 package, versions <2.1.2-1.1+deb9u3

Overview

References

CVSS Score

Out-of-bounds Write Affecting openjpeg2 package, versions <2.1.2-1.1+deb9u3

Overview

References

Out-of-bounds Write
Affecting openjpeg2 package, versions <2.1.2-1.1+deb9u3