[Secure-testing-team] Bug#874115: openjpeg2: CVE-2017-14041: Stack-based buffer over-write in pgxtoimage function in bin/jp2/convert.c
Salvatore Bonaccorso
carnil at debian.org
Sun Sep 3 13:06:24 UTC 2017
Source: openjpeg2
Version: 2.1.0-2
Severity: grave
Tags: upstream patch security
Forwarded: https://github.com/uclouvain/openjpeg/issues/997
Hi,
the following vulnerability was published for openjpeg2.
CVE-2017-14041[0]:
| A stack-based buffer overflow was discovered in the pgxtoimage function
| in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an
| out-of-bounds write, which may lead to remote denial of service or
| possibly remote code execution.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041
[1] https://github.com/uclouvain/openjpeg/issues/997
[2] https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
Regards,
Salvatore
More information about the Secure-testing-team
mailing list