Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2021-29338

Published: 14/04/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Openjpeg

Vulnerability Summary

Integer Overflow in OpenJPEG v2.4.0 allows remote malicious users to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

uclouvain openjpeg 2.4.0

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2021-29338
Debian Bug report logs - #987276 CVE-2021-29338 Package: src:openjpeg2; Maintainer for src:openjpeg2 is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Tue, 20 Apr 2021 18:39:03 UTC Severity: important Tags: security, upstream Found ...
Amazon Linux 2: ALAS2-2022-1741
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pic in OpenJPEG through 230 allow remote attackers to cause a denial of service (application crash) (CVE-2018-20845) An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pic in Ope ...
Arch Linux Issues:
Integer Overflow in OpenJPEG v240 allows remote attackers to crash the application, causing a Denial of Service (DoS) This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files ...
Amazon Linux 2022: ALAS2022-2022-184
There is a flaw in the opj2_compress program in openjpeg2 An attacker who is able to submit a large number of image files to be processed in a directory by opj2_compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files The greatest threat posed by this flaw is to confidential ...

References

CWE-190https://github.com/uclouvain/openjpeg/issues/1338https://lists.debian.org/debian-lts-announce/2022/04/msg00006.htmlhttps://security.gentoo.org/glsa/202209-04https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987276https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2022-1741.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761command injectionCVE-2024-3676IDORCVE-2024-30039CVE-2024-32113CVE-2024-30049CVE-2024-4776SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook