uclouvain.openjpeg is vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
Risk score: 95 (Critical Risk)
Affected versions of this package rely on a vulnerable version of the LibTiff library in their source files. Specifically, tif_write.c in LibTiff version 4.0.6 contains a flaw in the error-handling code path of the TIFFFlushData1() function. This function fails to reset the tif_rawcc and tif_rawcp members properly, leading to a heap buffer overflow. This vulnerability may result in memory corruption and potential exploitation by attackers.
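The following C model is an added illustration of the TIFFFlushData1() flaw described above; it is not LibTiff or OpenJPEG code. The struct, the function names and the buffer size are hypothetical, and it assumes a caller that keeps appending to the raw buffer without checking the flush result. It counts the stores that would land past the buffer instead of performing them.

```c
#include <stddef.h>
#include <stdio.h>
#define RAW_SIZE 16 /* constructed buffer size for the model */

/* Simplified stand-in for the handle fields the advisory names. */
struct model_tif {
    unsigned char rawdata[RAW_SIZE];
    unsigned char *rawcp; /* next free byte in rawdata (tif_rawcp) */
    size_t rawcc;         /* bytes currently buffered (tif_rawcc) */
    int sink_fails;       /* constructed: 1 simulates a failing output write */
};

static void model_init(struct model_tif *t, int sink_fails) {
    t->rawcp = t->rawdata;
    t->rawcc = 0;
    t->sink_fails = sink_fails;
}

/* reset_on_error = 0 models the flawed error path, 1 the corrected one. */
static int model_flush(struct model_tif *t, int reset_on_error) {
    int ok = !t->sink_fails;
    if (ok || reset_on_error) { /* buffer state returns to "empty" */
        t->rawcc = 0;
        t->rawcp = t->rawdata;
    }
    return ok;
}

/* Hypothetical caller that ignores the flush result. Returns how many bytes
 * would have been stored past rawdata; the model counts them, never writes. */
static size_t model_encode(struct model_tif *t, size_t n, int reset_on_error) {
    size_t past_end = 0;
    for (size_t i = 0; i < n; i++) {
        if (t->rawcc >= RAW_SIZE)
            (void)model_flush(t, reset_on_error);
        if (t->rawcc >= RAW_SIZE) { past_end++; continue; } /* stale counters */
        *t->rawcp++ = (unsigned char)i;
        t->rawcc++;
    }
    return past_end;
}

int main(void) {
    struct model_tif a, b;
    model_init(&a, 1);
    model_init(&b, 1);
    printf("past-end stores: flawed=%zu fixed=%zu\n",
           model_encode(&a, 40, 0), model_encode(&b, 40, 1));
    return 0;
}
```

With the failing sink, the flawed path leaves the counters at "full" after every failed flush, so every byte beyond the first 16 is an out-of-bounds store; resetting them on the error path keeps all stores inside the buffer.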
You are affected if you are using a vulnerable version of the package.
uclouvain.openjpeg is vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer in versions 1.3.0 - 2.5.2.
Upgrade the uclouvain.openjpeg library to a patched version.