CVE-2021-29338

CVE-2021-29338

Name

CVE-2021-29338

Description

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://github.com/uclouvain/openjpeg/issues/1338
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/
Mailing List	https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/
Third Party Advisory	https://security.gentoo.org/glsa/202209-04
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html

Type

URI

Exploit

https://github.com/uclouvain/openjpeg/issues/1338

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/

Mailing List

https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/

Third Party Advisory

https://security.gentoo.org/glsa/202209-04

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:uclouvain:openjpeg:2.4.0:::::::*`	openjpeg	== None	== 2.4.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:uclouvain:openjpeg:2.4.0:*:*:*:*:*:*:*

openjpeg

== None

== 2.4.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
openjpeg	edge-main	2.4.0-r4	Francesco Colista <fcolista@alpinelinux.org>	fixed
openjpeg	edge-main	2.4.0-r3	Francesco Colista <fcolista@alpinelinux.org>	fixed
openjpeg	edge-main	2.4.0-r2	Francesco Colista <fcolista@alpinelinux.org>	fixed
openjpeg	edge-main	2.4.0-r1	Francesco Colista <fcolista@alpinelinux.org>	fixed
openjpeg	edge-main	2.4.0-r0	None	possibly vulnerable
openjpeg	3.22-main	2.4.0-r1	None	fixed
openjpeg	3.22-main	2.4.0-r0	None	possibly vulnerable
openjpeg	3.21-main	2.4.0-r1	None	fixed
openjpeg	3.21-main	2.4.0-r0	None	possibly vulnerable
openjpeg	3.20-main	2.4.0-r1	None	fixed
openjpeg	3.20-main	2.4.0-r0	None	possibly vulnerable
openjpeg	3.19-main	2.4.0-r1	None	fixed
openjpeg	3.19-main	2.4.0-r0	None	possibly vulnerable
openjpeg	3.18-main	2.4.0-r1	None	fixed
openjpeg	3.17-main	2.4.0-r1	None	fixed
openjpeg	3.12-main	2.4.0-r1	Francesco Colista <fcolista@alpinelinux.org>	fixed
openjpeg	3.11-main	2.4.0-r1	Francesco Colista <fcolista@alpinelinux.org>	fixed
openjpeg	3.10-main	2.4.0-r1	Francesco Colista <fcolista@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

openjpeg

edge-main

2.4.0-r4

Francesco Colista <fcolista@alpinelinux.org>

fixed

openjpeg

edge-main