openjpeg is vulnerable to denial of service (DoS). The vulnerability exists as the bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.
CPE | Name | Operator | Version |
---|---|---|---|
openjpeg:3.3 | eq | 2.1.2-r1 |