CVE-2017-14164
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-14164
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14164.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-14164
- Downstream
- Related
- Published
- 2017-09-06T18:29:00Z
- Modified
- 2025-10-10T01:00:06.222840Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A size-validation issue was discovered in opjj2kwritesot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opjwritebytesLE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.
- References
-
- http://www.securityfocus.com/bid/100677
- https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/
- https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a
- https://github.com/uclouvain/openjpeg/issues/991
- https://security.gentoo.org/glsa/201710-26
Affected packages
Git / github.com/uclouvain/openjpeg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/uclouvain/openjpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2017-14164-3217bcb5",
"digest": {
"length": 1272.0,
"function_hash": "246362622353506562901937487878210165662"
},
"source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
"target": {
"function": "opj_j2k_write_first_tile_part",
"file": "src/lib/openjp2/j2k.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2017-14164-457e0a9c",
"digest": {
"line_hashes": [
"77520807814330177997263651024380986369",
"105353595349503846722913235538008771908",
"89895794169247622514664150828873309969",
"129328633982734050575218659195877276800",
"285115700026428717276802670418379916870",
"294873472508823986668997713088519209227",
"75633213091478211799698737576648268196",
"129328633982734050575218659195877276800",
"200255710663574004309945924278005841641",
"339360644005884646373521995491840379208",
"148864852494827139251290488626998955789",
"228214504983815661966924663216636963189",
"219372197368247297417439841643537048766",
"242287417122725142497790193288582929759",
"194595698988203829741872300682963402548",
"285459584945254872658542090664114401406",
"267187771838915210308317151973059330113",
"265814875204664580680610501743719047850",
"194595698988203829741872300682963402548",
"285459584945254872658542090664114401406",
"267187771838915210308317151973059330113",
"265814875204664580680610501743719047850",
"194595698988203829741872300682963402548",
"285459584945254872658542090664114401406"
],
"threshold": 0.9
},
"source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
"target": {
"file": "src/lib/openjp2/j2k.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2017-14164-a6276a17",
"digest": {
"length": 1933.0,
"function_hash": "129069792382646580698162450588206815531"
},
"source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
"target": {
"function": "opj_j2k_write_all_tile_parts",
"file": "src/lib/openjp2/j2k.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2017-14164-ad31bff0",
"digest": {
"length": 731.0,
"function_hash": "266252974888352074455458065740151539537"
},
"source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
"target": {
"function": "opj_j2k_write_sot",
"file": "src/lib/openjp2/j2k.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
]
}