[Pkg-phototools-devel] Bug#874118: openjpeg2: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet function in lib/openjp2/t2.c
Salvatore Bonaccorso
carnil at debian.org
Sun Sep 3 13:34:38 UTC 2017
Source: openjpeg2
Version: 2.1.0-2
Severity: important
Tags: patch upstream security
Forwarded: https://github.com/uclouvain/openjpeg/issues/992
Hi,
the following vulnerability was published for openjpeg2.
CVE-2017-14039[0]:
| A heap-based buffer overflow was discovered in the opj_t2_encode_packet
| function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability
| causes an out-of-bounds write, which may lead to remote denial of
| service or possibly unspecified other impact.
The issue is covered by [3], so trying to reproduce the issue leads to
an assertion failure up to the version in sid instead.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14039
[1] https://github.com/uclouvain/openjpeg/issues/992
[2] https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
[3] https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-phototools-devel
mailing list