CVE-2017-14039

Published: 08/30/2017 22:29:00
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
HIGH
CVSS v3: 8.8

Status

DocFilters Release Package State Justification Comment
25.1 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.4 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.4.0 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.3 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.2.1 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.2 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.1 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
23.3 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
23.2.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
23.2 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
23.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
22.4 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
22.3 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
22.2 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
22.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.11.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.11 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.8.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.8 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.5.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.5.0 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.2.0 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
11.4.20 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.19.3667 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.18.3599 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.17 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.16.3445 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.15.3368 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.14.3263 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.13.3179 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.12.3054 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.11.3040 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.11.2990 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.10.2934 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.9.2878 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.

Severity score breakdown

Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
8.8
Base Severity
HIGH
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version
3.1

References