Published: 30/08/2017 Updated: 02/02/2021

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An invalid write access exists in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.

Vulnerable Product	Search on Vulmon	Subscribe to Product
uclouvain openjpeg 2.2.0
debian debian linux 8.0
debian debian linux 9.0

Debian Bug report logs - #874117 openjpeg2: CVE-2017-14040: invalid memory write in tgatoimage Package: src:openjpeg2; Maintainer for src:openjpeg2 is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 3 Sep 2017 13:15:03 UTC ...

Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed For the oldstable distribution (jessie), these problems have been fixed in version 210-2+deb8u3 For the stable distribution (stretch), these pr ...

An invalid write access was discovered in bin/jp2/convertc in OpenJPEG 220, triggering a crash in the tgatoimage function The vulnerability may lead to remote denial of service or possibly unspecified other impact ...

CWE-787 https://github.com/uclouvain/openjpeg/issues/995 https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281 https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/http://www.securityfocus.com/bid/100553 http://www.debian.org/security/2017/dsa-4013 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874117 https://nvd.nist.gov https://www.debian.org/security/./dsa-4013

CVE-2017-14040

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect