CVE-2017-14040

An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.

References

Affected packages

Git / github.com/uclouvain/openjpeg

Affected ranges

Type

GIT

Repo

https://github.com/uclouvain/openjpeg

Events

Introduced

Last affected

3d7cde5fc9fbc5618d02160900d32e02ed12a00e

Fixed

2cd30c2b06ce332dede81cccad8b334cde997281

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        }
    ]
}

Affected versions

v2.*

v2.2.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2017-14040-331ba8bd",
        "target": {
            "file": "src/bin/jp2/convert.c",
            "function": "tgatoimage"
        },
        "digest": {
            "length": 3699.0,
            "function_hash": "66090434281455959844665154648051738419"
        },
        "signature_version": "v1",
        "source": "https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2017-14040-46249ede",
        "target": {
            "file": "src/bin/jp2/convert.c",
            "function": "get_ushort"
        },
        "digest": {
            "length": 217.0,
            "function_hash": "167788260771497595903386050576808750588"
        },
        "signature_version": "v1",
        "source": "https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2017-14040-6e8df9fd",
        "target": {
            "file": "src/bin/jp2/convert.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "23525036583353418219320625966324550802",
                "177327374119435514219145268307399613089",
                "320623253887673411484520483589847192131",
                "292835775766298235912524706889006590080",
                "112012328534867882596683590143771823601",
                "53673022407700848319040940612564991516",
                "57555459998663249802015055391138480059",
                "15231687001431685197667587808981253486",
                "217640787295235956893042733445023631782",
                "311516972248278321224105276315001811102",
                "281182748761316883612476950947884525571",
                "265579774650878365822292963790672756851",
                "243979219833432046093380905842942841838",
                "37081014724010140555910374229781137214",
                "90807083015443714754204566778127861642",
                "111471989039993494687198901980907597582",
                "75508931994012076446955353194820426506",
                "226736906340592722759329902925316458757",
                "216467255423318053875574874476802357556",
                "255658464969642274031690919941005577119",
                "156822966723833280756110815668282640562",
                "281126177618215740790811151757715309287",
                "14077404740799291264839640468846001881",
                "124071256899131307689789756406006839288"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14040.json"