#VU33225 Out-of-bounds write in OpenJPEG - CVE-2017-14040

Cybersecurity Help s.r.o.

Published: 2017-08-31 | Updated: 2020-08-03

Vulnerability identifier: #VU33225

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-14040

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenJPEG
Universal components / Libraries / Libraries used by multiple products

Vendor: openjpeg.org

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OpenJPEG: 2.2.0

External links
https://www.debian.org/security/2017/dsa-4013
https://www.securityfocus.com/bid/100553
https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
https://github.com/uclouvain/openjpeg/issues/995

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Slackware Linux update for openjpeg

Out-of-bounds write in openjpeg (Alpine package)

Fedora 27 update for openjpeg2

Fedora 26 update for mingw-openjpeg2

Fedora 25 update for mingw-openjpeg2

Fedora 25 update for openjpeg2

Fedora 26 update for openjpeg2

Out-of-bounds write in OpenJPEG