CVE-2017-14164
Gentoo Linux Security Advisory 201710-26
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.
Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.3.0:2 are affected.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2017-09-06 CVE Reserved
- 2017-09-06 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/100677 | Third Party Advisory |

URL | Date | SRC |
---|---|---|
https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a | 2024-08-05 |

URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/201710-26 | 2021-02-02 |