SB2017102510 - Out-of-bounds write in openjpeg (Alpine package)
Published: October 25, 2017
Security Bulletin ID: SB2017102510
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2017-14039)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5b27b635acbe69cadaffce1fbe4b69d8256c1315
- https://git.alpinelinux.org/aports/commit/?id=63abfe33f12495cf5ac86d5fd590f018538d33b1
- https://git.alpinelinux.org/aports/commit/?id=6dd49eeff4953456d2d668b4e7653967a44a4972
- https://git.alpinelinux.org/aports/commit/?id=689783c89a5d3978325fa090adf406be0236eb0a
- https://git.alpinelinux.org/aports/commit/?id=89fe29bbad9afaa38e91399e623b77a726e77594
- https://git.alpinelinux.org/aports/commit/?id=37d59f95fa16221526cc7b2b0c49ccb6556b8697