Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-14152

Опубликовано: 05 сент. 2017
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:uclouvain:openjpeg:2.2.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01089
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2017-14152

CVSS3: 8.8
ubuntu
больше 8 лет назад

A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.

redhat логотип

CVE-2017-14152

CVSS3: 3.3
redhat
больше 8 лет назад

A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.

debian логотип

CVE-2017-14152

CVSS3: 8.8
debian
больше 8 лет назад

A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...

github логотип

GHSA-jr34-w4rh-v3j8

CVSS3: 8.8
github
больше 3 лет назад

A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.

EPSS

Процентиль: 77%
0.01089
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787