CVE-2017-14039

🗓️ 30 Aug 2017 22:29:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 35 Views

A heap-based buffer overflow in OpenJPEG 2.2.

Reporter	Title	Published	Views	Family All 39
AlpineLinux	CVE-2017-14039	30 Aug 201722:00	–	alpinelinux
CNVD	OpenJPEG heap buffer overflow vulnerability (CNVD-2017-28741)	31 Aug 201700:00	–	cnvd
CVE	CVE-2017-14039	30 Aug 201722:00	–	cve
Cvelist	CVE-2017-14039	30 Aug 201722:00	–	cvelist
Debian	[SECURITY] [DSA 4013-1] openjpeg2 security update	31 Oct 201722:01	–	debian
Debian CVE	CVE-2017-14039	30 Aug 201722:00	–	debiancve
Tenable Nessus	Debian DSA-4013-1 : openjpeg2 - security update	2 Nov 201700:00	–	nessus
Tenable Nessus	GLSA-201710-26 : OpenJPEG: Multiple vulnerabilities	23 Oct 201700:00	–	nessus
Tenable Nessus	openSUSE Security Update : openjpeg2 (openSUSE-2017-1142)	11 Oct 201700:00	–	nessus
Tenable Nessus	RHEL 6 : openjpeg (Unpatched Vulnerability)	11 May 202400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	any	openjpeg2	2.3.0-1	openjpeg2_2.3.0-1_any.deb
Ubuntu	18.10	any	openjpeg2	2.3.0-1	openjpeg2_2.3.0-1_any.deb
Ubuntu	19.04	any	openjpeg2	2.3.0-1	openjpeg2_2.3.0-1_any.deb
Ubuntu	19.10	any	openjpeg2	2.3.0-1	openjpeg2_2.3.0-1_any.deb
Ubuntu	16.04	any	openjpeg2	2.1.2-1.1+deb9u2build0.1	openjpeg2_2.1.2-1.1+deb9u2build0.1_any.deb
Ubuntu	17.04	any	openjpeg2	2.1.2-1.1+deb9u2build0.17.04.1	openjpeg2_2.1.2-1.1+deb9u2build0.17.04.1_any.deb

Source	Link
github	www.github.com/uclouvain/openjpeg/issues/992
blogs	www.blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/
github	www.github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
cve	www.cve.org/CVERecord

25 Aug 2025 22:24Current

7High risk

Vulners AI Score7

CVSS 26.8

CVSS 3.18.8

EPSS0.00674

heap-based buffer overflow openjpeg 2.2.0 out-of-bounds write remote denial of service unspecified impact unix