{"id":"CVE-2017-14039","details":"A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.","modified":"2026-04-02T00:05:02.537541Z","published":"2017-08-30T22:29:00.203Z","related":["MGASA-2017-0481","SUSE-SU-2017:2649-1","openSUSE-SU-2017:2685-1","openSUSE-SU-2017:2686-1","openSUSE-SU-2024:11120-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201710-26"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-4013"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100550"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/issues/992"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"fixed":"081de4b15f54cb4482035b7bf5e3fb443e4bc84b"},{"fixed":"c535531f03369623b9b833ef41952c62257b507e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.3.0"}]}}],"versions":["arelease","opj0-97","start","v2.1.1","v2.1.2","v2.2.0","version.1.1","version.1.2","version.1.3","version.1.4","version.1.5","version.1.5.1","version.1.5.2","version.2.0","version.2.0.1","version.2.1","wg1n6848"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"line_hashes":["91843015131909262611516801983236892286","287089807267592804258651948075147523393","271147091074695616198156650530548938695","232139246865052873213394828111752795814","132407218946716406511236008697983674787","140818366234325725951162001091792728676","257713435077287072716520241305791031045","307940706585755257162283875149548706908"],"threshold":0.9},"id":"CVE-2017-14039-2c102b92","source":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e","signature_type":"Line","target":{"file":"src/lib/openjp2/t2.c"},"deprecated":false},{"signature_version":"v1","digest":{"function_hash":"305364326982495910255902172214619275892","length":5107},"id":"CVE-2017-14039-7beeb664","source":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e","signature_type":"Function","target":{"file":"src/lib/openjp2/t2.c","function":"opj_t2_encode_packet"},"deprecated":false},{"signature_version":"v1","digest":{"function_hash":"333197779534767222267329773720581898577","length":879},"id":"CVE-2017-14039-934511cd","source":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e","signature_type":"Function","target":{"file":"src/lib/openjp2/j2k.c","function":"opj_j2k_write_sot"},"deprecated":false},{"signature_version":"v1","digest":{"line_hashes":["10836218539523676017936851795172491646","186323259111068633802763598633648888639","223393692161991537137424614845306178212","299371021208939660984199255457571383018","59723713253829720829761025772323854186","184991792299470983867997235842132132042","67164973024348438351225583009452067737"],"threshold":0.9},"id":"CVE-2017-14039-9bf28b2f","source":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e","signature_type":"Line","target":{"file":"src/lib/openjp2/j2k.c"},"deprecated":false},{"signature_version":"v1","digest":{"function_hash":"41830172812418987381565082670664732618","length":981},"id":"CVE-2017-14039-e5841632","source":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e","signature_type":"Function","target":{"file":"src/lib/openjp2/j2k.c","function":"opj_j2k_write_sod"},"deprecated":false}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14039.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}