{"id":"CVE-2021-29338","details":"Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option \"-ImgDir\" on a directory that contains 1048576 files.","modified":"2026-03-20T11:40:12.279153Z","published":"2021-04-14T14:15:14.133Z","related":["ALSA-2021:4251","MGASA-2021-0216","SUSE-SU-2022:1129-1","SUSE-SU-2022:1252-1","SUSE-SU-2022:1296-1","openSUSE-SU-2024:13571-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-04"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/issues/1338"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"last_affected":"37ac30ceff6640bbab502388c5e0fa0bff23f505"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.4.0"}]}}],"versions":["v2.2.0","v2.3.0","v2.3.1","v2.4.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29338.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}