CVE-2017-12982
21.08.2017, 07:29
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| uclouvain | openjpeg | 𝑥 < 2.3.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ghostscript |
| ||||||||||||||||||||||||||||
| openjpeg |
| ||||||||||||||||||||||||||||
| openjpeg2 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libopenjp2-7 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| openjpeg2 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| openjpeg2-devel |
|
Common Weakness Enumeration
References