SB2017092136 - Out-of-bounds write in openjpeg (Alpine package)
Published: September 21, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2017-14040)
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code.
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5b27b635acbe69cadaffce1fbe4b69d8256c1315
- https://git.alpinelinux.org/aports/commit/?id=63abfe33f12495cf5ac86d5fd590f018538d33b1
- https://git.alpinelinux.org/aports/commit/?id=6dd49eeff4953456d2d668b4e7653967a44a4972
- https://git.alpinelinux.org/aports/commit/?id=37d59f95fa16221526cc7b2b0c49ccb6556b8697
- https://git.alpinelinux.org/aports/commit/?id=09b259c2958fc3c703f7bdc84ff7973eb5ee0aa1
- https://git.alpinelinux.org/aports/commit/?id=177eb88fc8668b0fd560c1836cd05bb17c29cad7
- https://git.alpinelinux.org/aports/commit/?id=59aa697c0bdb3436dc0c9a075f26a7c4b5d2fbe5
- https://git.alpinelinux.org/aports/commit/?id=ef3b99f91d4a5648a22401143dd0c2eb84ba81be