Home

CVE-2021-29338

Description

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directory that contains 1048576 files.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.093

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2022:1129-1(SUSE Linux Enterprise Server 12-SP5 ) libopenjp2-7-2.1.0-4.15.1.x86_64.rpmLinux
SUSE-SU-2022:1129-1(SUSE Linux Enterprise Server 12-SP5 ) libopenjp2-7-debuginfo-2.1.0-4.15.1.x86_64.rpmLinux
SUSE-SU-2022:1129-1(SUSE Linux Enterprise Server 12-SP5 ) openjpeg2-debuginfo-2.1.0-4.15.1.x86_64.rpmLinux
SUSE-SU-2022:1129-1(SUSE Linux Enterprise Server 12-SP5 ) openjpeg2-debugsource-2.1.0-4.15.1.x86_64.rpmLinux
openjpeg2 Security Update (ALAS-2023-040) openjpeg2-2.4.0-11.amzn2023.0.3.x86_64.rpmLinux
openjpeg2 Security Update (ALAS-2023-040) openjpeg2-devel-2.4.0-11.amzn2023.0.3.x86_64.rpmLinux
openjpeg2 Security Update (ALAS-2023-040) openjpeg2-tools-2.4.0-11.amzn2023.0.3.x86_64.rpmLinux
openjpeg2 Security Update (ALAS-2023-040) openjpeg2-devel-docs-2.4.0-11.amzn2023.0.3.noarch.rpmLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp2-7_2.3.1-1ubuntu4.20.04.3_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp2-7_2.3.1-1ubuntu4.20.04.3_i386.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp2-7_2.4.0-6ubuntu0.2_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp2-7_2.4.0-6ubuntu0.2_i386.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp2-7_2.5.0-2ubuntu0.2_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp2-7_2.5.0-2ubuntu0.2_i386.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp2-7_2.5.0-2ubuntu1.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp2-7_2.5.0-2ubuntu1.1_i386.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp3d7_2.3.1-1ubuntu4.20.04.3_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp3d7_2.3.1-1ubuntu4.20.04.3_i386.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp3d7_2.4.0-6ubuntu0.2_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjp3d7_2.4.0-6ubuntu0.2_i386.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjpip7_2.3.1-1ubuntu4.20.04.3_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjpip7_2.3.1-1ubuntu4.20.04.3_i386.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjpip7_2.4.0-6ubuntu0.2_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjpip7_2.4.0-6ubuntu0.2_i386.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjpip7_2.5.0-2ubuntu0.2_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjpip7_2.5.0-2ubuntu0.2_i386.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjpip7_2.5.0-2ubuntu1.1_amd64.debLinux
JPEG 2000 image compression/decompression library (USN-7083-1) libopenjpip7_2.5.0-2ubuntu1.1_i386.debLinux
openjpeg2 Security Update (ALAS2023-2023-040) openjpeg2-2.4.0-11.amzn2023.0.3.x86_64.rpmLinux
openjpeg2 Security Update (ALAS2023-2023-040) openjpeg2-devel-2.4.0-11.amzn2023.0.3.x86_64.rpmLinux
openjpeg2 Security Update (ALAS2023-2023-040) openjpeg2-devel-docs-2.4.0-11.amzn2023.0.3.noarch.rpmLinux
openjpeg2 Security Update (ALAS2023-2023-040) openjpeg2-tools-2.4.0-11.amzn2023.0.3.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234