Description
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.
References (4)
Core 4
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201710-26
Patch, Third Party Advisory, VDB Entry x_refsource_misc
https://blogs.gentoo.org/ago/2017/08/14/openjpeg-memory-allocation-failure-in-opj_aligned_alloc_n-opj_malloc-c/
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/uclouvain/openjpeg/issues/983
Scores
CVSS v3
5.5
EPSS
0.0040
EPSS Percentile
60.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (1)
uclouvain/openjpeg
< 2.3.0
Published
Aug 21, 2017
Tracked Since
Feb 18, 2026