ALAS2023-2023-040 --- openjpeg2
ID: oval:org.secpod.oval:def:19500177 | Date: (C)2023-06-12 (M)2023-06-12 |
Class: PATCH | Family: unix |
There is a flaw in the opj2_compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2_compress could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The greatest threat posed by this flaw is to confidentiality, integrity, and availability. A flaw was found in the opj2_decompress program in openjpeg2 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation fault and a denial of service.
Platform: Amazon Linux 2023 |
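The two defect classes described above (a size computation that wraps for a large file count, and a cleanup path that frees a pointer never initialized), shown with a hardened allocation pattern. This is an added example, not openjpeg2's code: `file_table`, the function names, the 4096-byte `NAME_LEN` slot and the 32-bit size arithmetic are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 4096u  /* assumed fixed slot size per filename */

/* Hypothetical filename table; not openjpeg2's own structure. */
typedef struct {
    char  *storage;    /* num_files * NAME_LEN bytes */
    char **names;      /* names[i] points into storage */
    size_t num_files;
} file_table;

/* Failure mode: a byte count computed in 32 bits wraps for large counts,
 * so the buffer ends up far smaller than the loop that fills it expects. */
uint32_t wrapped_size32(uint32_t num_files)
{
    return num_files * NAME_LEN;
}

/* Safe on a zeroed or partially built table: free(NULL) is a no-op. */
void file_table_free(file_table *t)
{
    free(t->names);
    free(t->storage);
    memset(t, 0, sizeof *t);
}

/* Returns 0 on success, -1 on failure; on failure the table is zeroed. */
int file_table_alloc(file_table *t, size_t num_files)
{
    memset(t, 0, sizeof *t);   /* pointers are NULL before any early exit */
    /* Reject counts whose byte size cannot be represented in size_t. */
    if (num_files == 0 || num_files > SIZE_MAX / NAME_LEN ||
        num_files > SIZE_MAX / sizeof(char *))
        return -1;
    t->storage = calloc(num_files, NAME_LEN);
    t->names = calloc(num_files, sizeof(char *));
    if (t->storage == NULL || t->names == NULL) {
        file_table_free(t);    /* releases only what was allocated */
        return -1;
    }
    for (size_t i = 0; i < num_files; i++)
        t->names[i] = t->storage + i * NAME_LEN;
    t->num_files = num_files;
    return 0;
}

int main(void)
{
    file_table t;
    printf("32-bit size for 1048577 files: %u bytes\n", wrapped_size32(1048577u));
    printf("oversized count rejected: %d\n", file_table_alloc(&t, SIZE_MAX / NAME_LEN + 1));
    file_table_free(&t);       /* safe even though allocation failed */
    return 0;
}
```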