Vulnerability Details CVE-2017-14040
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://www.debian.org/security/2017/dsa-4013
- http://www.securityfocus.com/bid/100553
- https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
- https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
- https://github.com/uclouvain/openjpeg/issues/995
- http://www.debian.org/security/2017/dsa-4013
- http://www.securityfocus.com/bid/100553
- https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
- https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
- https://github.com/uclouvain/openjpeg/issues/995
Products affected by CVE-2017-14040
-
cpe:2.3:a:uclouvain:openjpeg:2.2.0
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0