First published: Fri Dec 08 2017
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Uclouvain Openjpeg | =2.3.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =18.04 | |
debian/openjpeg2 | 2.4.0-3, 2.5.0-2 | |
https://github.com/uclouvain/openjpeg/pull/1160/commits/0bc90e4062a5f9258c91eca018c019b179066c62
The severity of CVE-2017-17480 is critical with a severity value of 9.8.
CVE-2017-17480 affects OpenJPEG version 2.3.0.
CVE-2017-17480 may lead to remote denial of service or possibly remote code execution.
You can fix CVE-2017-17480 by updating OpenJPEG to version 2.3.1.
You can find more information about CVE-2017-17480 at the following references: [GitHub](https://github.com/uclouvain/openjpeg/issues/1044), [Debian LTS](https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html), [Ubuntu Security Notices](https://usn.ubuntu.com/4109-1/).