What is CVE-2021-29338?

CVE-2021-29338 is an integer overflow vulnerability in OpenJPEG v2.4.0 that allows remote attackers to crash the application, causing a Denial of Service (DoS).

How does CVE-2021-29338 affect Uclouvain Openjpeg?

CVE-2021-29338 affects Uclouvain Openjpeg 2.4.0, causing it to crash when an attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

How does CVE-2021-29338 affect Fedoraproject Fedora 33 and 34?

CVE-2021-29338 affects Fedoraproject Fedora 33 and 34, causing the application to crash when an attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

How does CVE-2021-29338 affect Debian Debian Linux 9.0?

CVE-2021-29338 affects Debian Debian Linux 9.0, causing the application to crash when an attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

What is the severity of CVE-2021-29338?

CVE-2021-29338 has a severity rating of 5.5, which is considered medium.

How can I mitigate the CVE-2021-29338 vulnerability?

To mitigate the CVE-2021-29338 vulnerability, it is recommended to update OpenJPEG to a version that is not affected by this vulnerability.

Vulnerability/
CVE-2021-29338

medium

5.5

CWE

190

14/4/2021

3/8/2024

CVE-2021-29338: Integer Overflow

First published: Wed Apr 14 2021(Updated: )

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Uclouvain Openjpeg	=2.4.0
Fedoraproject Fedora	=33
Fedoraproject Fedora	=34
Debian Debian Linux	=9.0
debian/openjpeg2	<=2.4.0-3	2.5.0-2

Remedy

https://github.com/uclouvain/openjpeg/issues/1338

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-29338?
CVE-2021-29338 is an integer overflow vulnerability in OpenJPEG v2.4.0 that allows remote attackers to crash the application, causing a Denial of Service (DoS).
How does CVE-2021-29338 affect Uclouvain Openjpeg?
CVE-2021-29338 affects Uclouvain Openjpeg 2.4.0, causing it to crash when an attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
How does CVE-2021-29338 affect Fedoraproject Fedora 33 and 34?
CVE-2021-29338 affects Fedoraproject Fedora 33 and 34, causing the application to crash when an attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
How does CVE-2021-29338 affect Debian Debian Linux 9.0?
CVE-2021-29338 affects Debian Debian Linux 9.0, causing the application to crash when an attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
What is the severity of CVE-2021-29338?
CVE-2021-29338 has a severity rating of 5.5, which is considered medium.
How can I mitigate the CVE-2021-29338 vulnerability?
To mitigate the CVE-2021-29338 vulnerability, it is recommended to update OpenJPEG to a version that is not affected by this vulnerability.

collector/nvd-index
agent/type
agent/softwarecombine
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2021-29338
agent/remedy
agent/severity
agent/weakness
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
collector/usn-cve
source/Ubuntu
agent/references
agent/tags
agent/event
agent/description
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
vendor/uclouvain
canonical/uclouvain openjpeg
version/uclouvain openjpeg/2.4.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/33
version/fedoraproject fedora/34
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
package-manager/debian