The bmpreadinfoheader function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opjimagecreate function in lib/openjp2/image.c, related to the opjalignedallocn function in opj_malloc.c.
{ "vanir_signatures": [ { "id": "CVE-2017-12982-4cebdc3d", "digest": { "line_hashes": [ "32483295321228823534696507974797187153", "296002183442861096462899504896635776348", "37440565878080639574652199070067340010", "219591937768648570144702747136129848003" ], "threshold": 0.9 }, "target": { "file": "src/bin/jp2/convertbmp.c" }, "source": "https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7", "signature_version": "v1", "deprecated": false, "signature_type": "Line" }, { "id": "CVE-2017-12982-5279c3de", "digest": { "length": 5928.0, "function_hash": "105053355577131966731431843433851090146" }, "target": { "function": "bmp_read_info_header", "file": "src/bin/jp2/convertbmp.c" }, "source": "https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7", "signature_version": "v1", "deprecated": false, "signature_type": "Function" } ] }