A size-validation issue was discovered in opjj2kwritesot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opjwritebytesLE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.
[
{
"source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
"target": {
"function": "opj_j2k_write_first_tile_part",
"file": "src/lib/openjp2/j2k.c"
},
"id": "CVE-2017-14164-3217bcb5",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "246362622353506562901937487878210165662",
"length": 1272.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
"target": {
"file": "src/lib/openjp2/j2k.c"
},
"id": "CVE-2017-14164-457e0a9c",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"77520807814330177997263651024380986369",
"105353595349503846722913235538008771908",
"89895794169247622514664150828873309969",
"129328633982734050575218659195877276800",
"285115700026428717276802670418379916870",
"294873472508823986668997713088519209227",
"75633213091478211799698737576648268196",
"129328633982734050575218659195877276800",
"200255710663574004309945924278005841641",
"339360644005884646373521995491840379208",
"148864852494827139251290488626998955789",
"228214504983815661966924663216636963189",
"219372197368247297417439841643537048766",
"242287417122725142497790193288582929759",
"194595698988203829741872300682963402548",
"285459584945254872658542090664114401406",
"267187771838915210308317151973059330113",
"265814875204664580680610501743719047850",
"194595698988203829741872300682963402548",
"285459584945254872658542090664114401406",
"267187771838915210308317151973059330113",
"265814875204664580680610501743719047850",
"194595698988203829741872300682963402548",
"285459584945254872658542090664114401406"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
"target": {
"function": "opj_j2k_write_all_tile_parts",
"file": "src/lib/openjp2/j2k.c"
},
"id": "CVE-2017-14164-a6276a17",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "129069792382646580698162450588206815531",
"length": 1933.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
"target": {
"function": "opj_j2k_write_sot",
"file": "src/lib/openjp2/j2k.c"
},
"id": "CVE-2017-14164-ad31bff0",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "266252974888352074455458065740151539537",
"length": 731.0
},
"signature_type": "Function"
}
]