CVE-2017-12982
Gentoo Linux Security Advisory 201710-26
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.
La función bmp_read_info_header en bin/jp2/convertbmp.c en OpenJPEG 2.2.0 no rechaza encabezados con un biBitCount de cero. Esto permite que atacantes remotos provoquen una denegación de servicio (fallo de asignación de memoria) en la función opj_image_create en lib/openjp2/image.c, relacionado con la función opj_aligned_alloc_n en opj_malloc.c.
Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.3.0:2 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-21 CVE Reserved
- 2017-08-21 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201710-26 | 2021-02-02 |