{"id":"CVE-2017-14039","details":"A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.","modified":"2026-04-16T01:39:21.322502070Z","published":"2017-08-30T22:29:00.203Z","related":["SUSE-SU-2017:2649-1","openSUSE-SU-2017:2685-1","openSUSE-SU-2017:2686-1","openSUSE-SU-2024:11120-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"9.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-4013"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100550"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201710-26"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/issues/992"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"fixed":"081de4b15f54cb4482035b7bf5e3fb443e4bc84b"},{"fixed":"c535531f03369623b9b833ef41952c62257b507e"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.3.0"}],"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*"}}],"versions":["v2.2.0"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"src/lib/openjp2/t2.c"},"id":"CVE-2017-14039-2c102b92","deprecated":false,"source":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["91843015131909262611516801983236892286","287089807267592804258651948075147523393","271147091074695616198156650530548938695","232139246865052873213394828111752795814","132407218946716406511236008697983674787","140818366234325725951162001091792728676","257713435077287072716520241305791031045","307940706585755257162283875149548706908"]}},{"deprecated":false,"target":{"file":"src/lib/openjp2/t2.c","function":"opj_t2_encode_packet"},"id":"CVE-2017-14039-7beeb664","signature_version":"v1","signature_type":"Function","source":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e","digest":{"length":5107,"function_hash":"305364326982495910255902172214619275892"}},{"deprecated":false,"target":{"function":"opj_j2k_write_sot","file":"src/lib/openjp2/j2k.c"},"id":"CVE-2017-14039-934511cd","signature_version":"v1","source":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e","signature_type":"Function","digest":{"length":879,"function_hash":"333197779534767222267329773720581898577"}},{"signature_version":"v1","target":{"file":"src/lib/openjp2/j2k.c"},"id":"CVE-2017-14039-9bf28b2f","deprecated":false,"source":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["10836218539523676017936851795172491646","186323259111068633802763598633648888639","223393692161991537137424614845306178212","299371021208939660984199255457571383018","59723713253829720829761025772323854186","184991792299470983867997235842132132042","67164973024348438351225583009452067737"]}},{"deprecated":false,"target":{"function":"opj_j2k_write_sod","file":"src/lib/openjp2/j2k.c"},"id":"CVE-2017-14039-e5841632","signature_version":"v1","source":"https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e","signature_type":"Function","digest":{"length":981,"function_hash":"41830172812418987381565082670664732618"}}],"vanir_signatures_modified":"2026-04-11T15:42:42Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14039.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}