CVE-2022-1122

openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.

Se ha encontrado un fallo en el programa opj2_decompress de openjpeg2 versión 2.4.0, en la forma en que maneja un directorio de entrada con un gran número de archivos. Cuando no asigna un búfer para almacenar los nombres de los archivos del directorio de entrada, llama a free() sobre un puntero no inicializado, conllevando a un fallo de segmentación y una denegación de servicio

A flaw was found in the opj2_decompress program in openjpeg2 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.

An update that fixes 13 vulnerabilities is now available. This update for openjpeg2 fixes the following issues. Fixed integer overflow vulnerability in theopj_t1_encode_cblks function. Fixed integer overflow caused by an out-of-bounds leftshift in the opj_j2k_setup_encoder function. Fixed excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c. Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c. Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c. Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.ci. Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor. Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c. Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor. Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode. Fixed integer overflow that allows remote attackers to crash the application. Fixed segmentation fault in opj2_decompress due to uninitialized pointer.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-03-28 CVE Reserved
2022-03-29 CVE Published
2024-08-02 CVE Updated
2025-06-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-665: Improper Initialization
CWE-824: Access of Uninitialized Pointer

CAPEC

References (8)

URL	Tag	Source
https://github.com/uclouvain/openjpeg/issues/1368	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4	2023-11-07
https://security.gentoo.org/glsa/202209-04	2023-11-07
https://access.redhat.com/security/cve/CVE-2022-1122	2022-11-15
https://bugzilla.redhat.com/show_bug.cgi?id=2067052	2022-11-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Uclouvain Search vendor "Uclouvain"		Openjpeg Search vendor "Uclouvain" for product "Openjpeg"				2.4.0 Search vendor "Uclouvain" for product "Openjpeg" and version "2.4.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				36 Search vendor "Fedoraproject" for product "Fedora" and version "36"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected