First published: Wed Apr 14 2021
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Uclouvain Openjpeg | =2.4.0 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Debian Debian Linux | =9.0 | |
debian/openjpeg2 | <=2.4.0-3 | 2.5.0-2 |
CVE-2021-29338 is an integer overflow vulnerability in OpenJPEG v2.4.0 that allows remote attackers to crash the application, causing a Denial of Service (DoS).
CVE-2021-29338 affects Uclouvain Openjpeg 2.4.0, causing it to crash when an attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
CVE-2021-29338 affects Fedoraproject Fedora 33 and 34, causing the application to crash when an attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
CVE-2021-29338 affects Debian Debian Linux 9.0, causing the application to crash when an attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
CVE-2021-29338 has a severity rating of 5.5, which is considered medium.
To mitigate the CVE-2021-29338 vulnerability, it is recommended to update OpenJPEG to a version that is not affected by this vulnerability.
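Why a count of exactly 1048576 matters: the sketch below is an added illustration of this overflow class with a checked alternative, and it is not OpenJPEG's code and not part of the advisory. It assumes a 32-bit size calculation with a 4096-byte path slot per file; the slot size and all function names are assumptions, and the file counts are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption (not stated in the advisory): one fixed 4096-byte path
 * slot is reserved per file found in the directory. */
#define PATH_SLOT_LEN 4096u

/* Unchecked sizing: the 32-bit product wraps modulo 2^32. */
static uint32_t unchecked_buf_size(uint32_t num_files)
{
    return num_files * PATH_SLOT_LEN;
}

/* Checked sizing: 0 on success, -1 if the count is zero or the
 * product would not fit in 32 bits. */
static int checked_buf_size(uint32_t num_files, uint32_t *out)
{
    if (num_files == 0 || num_files > UINT32_MAX / PATH_SLOT_LEN)
        return -1;
    *out = num_files * PATH_SLOT_LEN;
    return 0;
}

/* Hardened allocation: refuse oversized counts, then let calloc do
 * its own count * size overflow check. Caller frees the result. */
static char *alloc_path_table(uint32_t num_files)
{
    uint32_t bytes;
    if (checked_buf_size(num_files, &bytes) != 0)
        return NULL;
    return calloc(num_files, PATH_SLOT_LEN);
}

int main(void)
{
    /* Constructed file counts around the 2^20 boundary. */
    const uint32_t counts[] = { 4u, 1048575u, 1048576u, 1048577u };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        uint32_t ok_size = 0;
        int rc = checked_buf_size(counts[i], &ok_size);
        printf("%u files: unchecked=%u bytes, checked=%s\n",
               (unsigned)counts[i], (unsigned)unchecked_buf_size(counts[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    char *t = alloc_path_table(4u);
    free(t);
    return 0;
}
```

Under these assumptions 1048576 (2^20) files times 4096 (2^12) bytes is 2^32, so the unchecked size wraps to 0 and a later write into the undersized buffer crashes the process, while the checked path rejects the count before allocating.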