{"id":"CVE-2017-14040","details":"An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.","modified":"2026-04-16T01:38:51.868345019Z","published":"2017-08-30T22:29:00.250Z","related":["SUSE-SU-2017:2649-1","openSUSE-SU-2017:2685-1","openSUSE-SU-2017:2686-1","openSUSE-SU-2024:11120-1"],"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-4013"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100553"},{"type":"ADVISORY","url":"https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/"},{"type":"ADVISORY","url":"https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281"},{"type":"ADVISORY","url":"https://github.com/uclouvain/openjpeg/issues/995"},{"type":"REPORT","url":"https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281"},{"type":"REPORT","url":"https://github.com/uclouvain/openjpeg/issues/995"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/issues/995"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"fixed":"2cd30c2b06ce332dede81cccad8b334cde997281"}]}],"versions":["v2.2.0"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","source":"https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281","id":"CVE-2017-14040-331ba8bd","signature_version":"v1","target":{"function":"tgatoimage","file":"src/bin/jp2/convert.c"},"digest":{"length":3699,"function_hash":"66090434281455959844665154648051738419"},"deprecated":false},{"signature_type":"Function","source":"https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281","id":"CVE-2017-14040-46249ede","signature_version":"v1","target":{"function":"get_ushort","file":"src/bin/jp2/convert.c"},"digest":{"length":217,"function_hash":"167788260771497595903386050576808750588"},"deprecated":false},{"signature_type":"Line","source":"https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281","id":"CVE-2017-14040-6e8df9fd","signature_version":"v1","target":{"file":"src/bin/jp2/convert.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["23525036583353418219320625966324550802","177327374119435514219145268307399613089","320623253887673411484520483589847192131","292835775766298235912524706889006590080","112012328534867882596683590143771823601","53673022407700848319040940612564991516","57555459998663249802015055391138480059","15231687001431685197667587808981253486","217640787295235956893042733445023631782","311516972248278321224105276315001811102","281182748761316883612476950947884525571","265579774650878365822292963790672756851","243979219833432046093380905842942841838","37081014724010140555910374229781137214","90807083015443714754204566778127861642","111471989039993494687198901980907597582","75508931994012076446955353194820426506","226736906340592722759329902925316458757","216467255423318053875574874476802357556","255658464969642274031690919941005577119","156822966723833280756110815668282640562","281126177618215740790811151757715309287","14077404740799291264839640468846001881","124071256899131307689789756406006839288"]}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14040.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}