[Pkg-phototools-devel] Bug#874115: openjpeg2: CVE-2017-14041: Stack-based buffer over-write in pgxtoimage function in bin/jp2/convert.c

Salvatore Bonaccorso carnil at debian.org
Sun Sep 3 13:06:24 UTC 2017


Source: openjpeg2
Version: 2.1.0-2
Severity: grave
Tags: upstream patch security
Forwarded: https://github.com/uclouvain/openjpeg/issues/997

Hi,

the following vulnerability was published for openjpeg2.

CVE-2017-14041[0]:
| A stack-based buffer overflow was discovered in the pgxtoimage function
| in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an
| out-of-bounds write, which may lead to remote denial of service or
| possibly remote code execution.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14041
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041
[1] https://github.com/uclouvain/openjpeg/issues/997
[2] https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9

Regards,
Salvatore



More information about the Pkg-phototools-devel mailing list