CVE-2022-1122
Published: 03/29/2022 18:15:07
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
MEDIUM
CVSS v3: 5.5
CVSS v3: 5.5
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 25.1 | openjpeg (2.5.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 24.4 | openjpeg (2.5.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 24.4.0 | openjpeg (2.5.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 24.3 | openjpeg (2.5.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 24.2.1 | openjpeg (2.5.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 24.2 | openjpeg (2.5.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 24.1 | openjpeg (2.5.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 23.3 | openjpeg (2.5.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 23.2.1 | openjpeg (2.4.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 23.2 | openjpeg (2.4.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 23.1 | openjpeg (2.4.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 22.4 | openjpeg (2.4.0) | Not Affected | Code Not Present | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. |
| 22.3 | openjpeg (2.4.0) | Needs Triage | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. | |
| 22.2 | openjpeg (2.4.0) | Needs Triage | not-exploitable: CVE is in opj2_decompress CLI tool not used by docfilters. | |
| 22.1 | openjpeg (2.4.0) | Needs Triage | ||
| 21.11.1 | openjpeg (2.4.0) | Needs Triage | ||
| 21.11 | openjpeg (2.4.0) | Needs Triage | ||
| 21.8.1 | openjpeg (2.4.0) | Needs Triage | ||
| 21.8 | openjpeg (2.4.0) | Needs Triage | ||
| 21.5.1 | openjpeg (2.4.0) | Needs Triage | ||
| 21.5.0 | openjpeg (2.4.0) | Needs Triage | ||
| 21.2.0 | openjpeg (2.4.0) | Needs Triage | ||
| 11.4.20 | openjpeg (2.3.1) | Not Affected | Code Not Present | 2.3.1 does not match CVE configuration. |
| 11.4.19.3667 | openjpeg (2.3.1) | Not Affected | Code Not Present | 2.3.1 does not match CVE configuration. |
| 11.4.18.3599 | openjpeg (2.3.1) | Not Affected | Code Not Present | 2.3.1 does not match CVE configuration. |
| 11.4.17 | openjpeg (2.3.1) | Not Affected | Code Not Present | 2.3.1 does not match CVE configuration. |
| 11.4.16.3445 | openjpeg (2.3.1) | Not Affected | Code Not Present | 2.3.1 does not match CVE configuration. |
| 11.4.15.3368 | openjpeg (2.3.1) | Not Affected | Code Not Present | 2.3.1 does not match CVE configuration. |
| 11.4.14.3263 | openjpeg (2.3.0) | Not Affected | Code Not Present | 2.3.0 does not match CVE configuration. |
| 11.4.13.3179 | openjpeg (2.3.0) | Not Affected | Code Not Present | 2.3.0 does not match CVE configuration. |
| 11.4.12.3054 | openjpeg (2.3.0) | Not Affected | Code Not Present | 2.3.0 does not match CVE configuration. |
| 11.4.11.3040 | openjpeg (2.3.0) | Not Affected | Code Not Present | 2.3.0 does not match CVE configuration. |
| 11.4.11.2990 | openjpeg (2.3.0) | Not Affected | Code Not Present | 2.3.0 does not match CVE configuration. |
| 11.4.10.2934 | openjpeg (2.3.0) | Not Affected | Code Not Present | 2.3.0 does not match CVE configuration. |
| 11.4.9.2878 | openjpeg (2.3.0) | Not Affected | Code Not Present | 2.3.0 does not match CVE configuration. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
HIGH
Base Score
5.5
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version
3.1