{"id":"CVE-2017-14040","details":"An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.","modified":"2026-04-02T00:03:52.918102Z","published":"2017-08-30T22:29:00.250Z","related":["MGASA-2017-0481","SUSE-SU-2017:2649-1","openSUSE-SU-2017:2685-1","openSUSE-SU-2017:2686-1","openSUSE-SU-2024:11120-1"],"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-4013"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100553"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/issues/995"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"last_affected":"3d7cde5fc9fbc5618d02160900d32e02ed12a00e"},{"fixed":"2cd30c2b06ce332dede81cccad8b334cde997281"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.0"}]}}],"versions":["arelease","opj0-97","start","v2.1.1","v2.1.2","v2.2.0","version.1.1","version.1.2","version.1.3","version.1.4","version.1.5","version.1.5.1","version.1.5.2","version.2.0","version.2.0.1","version.2.1","wg1n6848"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14040.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"vanir_signatures":[{"source":"https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281","target":{"function":"tgatoimage","file":"src/bin/jp2/convert.c"},"digest":{"function_hash":"66090434281455959844665154648051738419","length":3699},"id":"CVE-2017-14040-331ba8bd","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"source":"https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281","target":{"function":"get_ushort","file":"src/bin/jp2/convert.c"},"digest":{"function_hash":"167788260771497595903386050576808750588","length":217},"id":"CVE-2017-14040-46249ede","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"source":"https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281","target":{"file":"src/bin/jp2/convert.c"},"digest":{"threshold":0.9,"line_hashes":["23525036583353418219320625966324550802","177327374119435514219145268307399613089","320623253887673411484520483589847192131","292835775766298235912524706889006590080","112012328534867882596683590143771823601","53673022407700848319040940612564991516","57555459998663249802015055391138480059","15231687001431685197667587808981253486","217640787295235956893042733445023631782","311516972248278321224105276315001811102","281182748761316883612476950947884525571","265579774650878365822292963790672756851","243979219833432046093380905842942841838","37081014724010140555910374229781137214","90807083015443714754204566778127861642","111471989039993494687198901980907597582","75508931994012076446955353194820426506","226736906340592722759329902925316458757","216467255423318053875574874476802357556","255658464969642274031690919941005577119","156822966723833280756110815668282640562","281126177618215740790811151757715309287","14077404740799291264839640468846001881","124071256899131307689789756406006839288"]},"id":"CVE-2017-14040-6e8df9fd","deprecated":false,"signature_version":"v1","signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}