{"id":"CVE-2017-14164","details":"A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.","modified":"2026-04-16T06:16:02.594675149Z","published":"2017-09-06T18:29:00.193Z","related":["SUSE-SU-2017:2649-1","openSUSE-SU-2017:2685-1","openSUSE-SU-2017:2686-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201710-26"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100677"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/issues/991"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"fixed":"081de4b15f54cb4482035b7bf5e3fb443e4bc84b"},{"fixed":"dcac91b8c72f743bda7dbfa9032356bc8110098a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.3.0"}]}}],"versions":["v2.2.0"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a","digest":{"length":1272,"function_hash":"246362622353506562901937487878210165662"},"deprecated":false,"target":{"file":"src/lib/openjp2/j2k.c","function":"opj_j2k_write_first_tile_part"},"id":"CVE-2017-14164-3217bcb5","signature_type":"Function","signature_version":"v1"},{"signature_version":"v1","digest":{"line_hashes":["77520807814330177997263651024380986369","105353595349503846722913235538008771908","89895794169247622514664150828873309969","129328633982734050575218659195877276800","285115700026428717276802670418379916870","294873472508823986668997713088519209227","75633213091478211799698737576648268196","129328633982734050575218659195877276800","200255710663574004309945924278005841641","339360644005884646373521995491840379208","148864852494827139251290488626998955789","228214504983815661966924663216636963189","219372197368247297417439841643537048766","242287417122725142497790193288582929759","194595698988203829741872300682963402548","285459584945254872658542090664114401406","267187771838915210308317151973059330113","265814875204664580680610501743719047850","194595698988203829741872300682963402548","285459584945254872658542090664114401406","267187771838915210308317151973059330113","265814875204664580680610501743719047850","194595698988203829741872300682963402548","285459584945254872658542090664114401406"],"threshold":0.9},"deprecated":false,"target":{"file":"src/lib/openjp2/j2k.c"},"id":"CVE-2017-14164-457e0a9c","signature_type":"Line","source":"https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a"},{"source":"https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a","digest":{"length":1933,"function_hash":"129069792382646580698162450588206815531"},"deprecated":false,"target":{"file":"src/lib/openjp2/j2k.c","function":"opj_j2k_write_all_tile_parts"},"id":"CVE-2017-14164-a6276a17","signature_type":"Function","signature_version":"v1"},{"source":"https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a","digest":{"length":731,"function_hash":"266252974888352074455458065740151539537"},"deprecated":false,"target":{"file":"src/lib/openjp2/j2k.c","function":"opj_j2k_write_sot"},"id":"CVE-2017-14164-ad31bff0","signature_type":"Function","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T04:14:20Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14164.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}