CVE-2021-29338

Name
CVE-2021-29338
Description
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://github.com/uclouvain/openjpeg/issues/1338
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/
Mailing List https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:uclouvain:openjpeg:2.4.0:*:*:*:*:*:*:* openjpeg == None == 2.4.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openjpeg 3.13-main 2.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> fixed
openjpeg 3.12-main 2.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> fixed
openjpeg 3.11-main 2.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> fixed
openjpeg 3.10-main 2.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> fixed
openjpeg 3.14-main 2.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> fixed
openjpeg 3.15-main 2.4.0-r2 Francesco Colista <fcolista@alpinelinux.org> fixed