CVE-2017-14164

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-14164
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14164.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-14164
Published
2017-09-06T18:29:00Z
Modified
2025-10-10T01:00:06.222840Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.

Affected packages

Git / github.com/uclouvain/openjpeg

Affected ranges

Type
GIT
Repo
https://github.com/uclouvain/openjpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v2.*

v2.2.0

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2017-14164-3217bcb5",
            "digest": {
                "length": 1272.0,
                "function_hash": "246362622353506562901937487878210165662"
            },
            "source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
            "target": {
                "function": "opj_j2k_write_first_tile_part",
                "file": "src/lib/openjp2/j2k.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2017-14164-457e0a9c",
            "digest": {
                "line_hashes": [
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
            "target": {
                "file": "src/lib/openjp2/j2k.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2017-14164-a6276a17",
            "digest": {
                "length": 1933.0,
                "function_hash": "129069792382646580698162450588206815531"
            },
            "source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
            "target": {
                "function": "opj_j2k_write_all_tile_parts",
                "file": "src/lib/openjp2/j2k.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2017-14164-ad31bff0",
            "digest": {
                "length": 731.0,
                "function_hash": "266252974888352074455458065740151539537"
            },
            "source": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
            "target": {
                "function": "opj_j2k_write_sot",
                "file": "src/lib/openjp2/j2k.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        }
    ]
}