CVE-2021-29338

2021-04-1414:15:14

Debian Security Bug Tracker

security-tracker.debian.org

openjpeg

integer overflow

dos

remote attackers

command line option

imgdir

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

60.7%

JSON

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option “-ImgDir” on a directory that contains 1048576 files.

OSVersionArchitecturePackageVersionFilename
Debian12allopenjpeg2< 2.4.0-4openjpeg2_2.4.0-4_all.deb
Debian11allopenjpeg2<= 2.4.0-3openjpeg2_2.4.0-3_all.deb
Debian999allopenjpeg2< 2.4.0-4openjpeg2_2.4.0-4_all.deb
Debian13allopenjpeg2< 2.4.0-4openjpeg2_2.4.0-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openjpeg2	< 2.4.0-4	openjpeg2_2.4.0-4_all.deb
Debian	11	all	openjpeg2	<= 2.4.0-3	openjpeg2_2.4.0-3_all.deb
Debian	999	all	openjpeg2	< 2.4.0-4	openjpeg2_2.4.0-4_all.deb
Debian	13	all	openjpeg2	< 2.4.0-4	openjpeg2_2.4.0-4_all.deb