#VU33226 Out-of-bounds write in OpenJPEG - CVE-2017-14041

Cybersecurity Help s.r.o.

Published: 2017-08-31 | Updated: 2020-08-03

Vulnerability identifier: #VU33226

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-14041

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenJPEG
Universal components / Libraries / Libraries used by multiple products

Vendor: openjpeg.org

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OpenJPEG: 2.2.0

External links
https://www.debian.org/security/2017/dsa-4013
https://www.securityfocus.com/bid/100555
https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
https://github.com/uclouvain/openjpeg/issues/997

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Slackware Linux update for openjpeg

Out-of-bounds write in openjpeg (Alpine package)

Fedora 27 update for openjpeg2

Fedora 26 update for mingw-openjpeg2

Fedora 25 update for mingw-openjpeg2

Fedora 25 update for openjpeg2

Fedora 26 update for openjpeg2

Out-of-bounds write in OpenJPEG