CVE-2017-14040

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-14040
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14040.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-14040
Downstream
Related
Published
2017-08-30T22:29:00Z
Modified
2025-11-19T06:55:56.318549Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.

References

Affected packages

Git / github.com/uclouvain/openjpeg

Affected ranges

Type
GIT
Repo
https://github.com/uclouvain/openjpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2cd30c2b06ce332dede81cccad8b334cde997281

Affected versions

v2.*

v2.2.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2017-14040-331ba8bd",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281",
        "target": {
            "function": "tgatoimage",
            "file": "src/bin/jp2/convert.c"
        },
        "digest": {
            "length": 3699.0,
            "function_hash": "66090434281455959844665154648051738419"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2017-14040-46249ede",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281",
        "target": {
            "function": "get_ushort",
            "file": "src/bin/jp2/convert.c"
        },
        "digest": {
            "length": 217.0,
            "function_hash": "167788260771497595903386050576808750588"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2017-14040-6e8df9fd",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281",
        "target": {
            "file": "src/bin/jp2/convert.c"
        },
        "digest": {
            "line_hashes": [
                "23525036583353418219320625966324550802",
                "177327374119435514219145268307399613089",
                "320623253887673411484520483589847192131",
                "292835775766298235912524706889006590080",
                "112012328534867882596683590143771823601",
                "53673022407700848319040940612564991516",
                "57555459998663249802015055391138480059",
                "15231687001431685197667587808981253486",
                "217640787295235956893042733445023631782",
                "311516972248278321224105276315001811102",
                "281182748761316883612476950947884525571",
                "265579774650878365822292963790672756851",
                "243979219833432046093380905842942841838",
                "37081014724010140555910374229781137214",
                "90807083015443714754204566778127861642",
                "111471989039993494687198901980907597582",
                "75508931994012076446955353194820426506",
                "226736906340592722759329902925316458757",
                "216467255423318053875574874476802357556",
                "255658464969642274031690919941005577119",
                "156822966723833280756110815668282640562",
                "281126177618215740790811151757715309287",
                "14077404740799291264839640468846001881",
                "124071256899131307689789756406006839288"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    }
]