CVSS3: 5.5 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.002 Low (Percentile: 60.1%)

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the
application, causing a Denial of Service (DoS). This occurs when the
attacker uses the command line option “-ImgDir” on a directory that
contains 1048576 files.
Author | Note |
---|---|
iconstantin | ghostscript 9.26~dfsg+0-0ubuntu0.16.04.14+esm2 for xenial was released to address this CVE but it was thereafter determined that the impacted code is not compiled and so the package is not vulnerable. still need to verify if commits from PR 1397 and 1398 should be included as part of our patch. |
sbeattie | fix is being worked in pull request 1346. |
mdeslaur | this only affects the opj_* tools in the libopenjp2-tools universe package |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | blender | < any | UNKNOWN |
ubuntu | 20.04 | noarch | blender | < any | UNKNOWN |
ubuntu | 22.04 | noarch | blender | < any | UNKNOWN |
ubuntu | 23.10 | noarch | blender | < any | UNKNOWN |
ubuntu | 16.04 | noarch | blender | < any | UNKNOWN |
ubuntu | 18.04 | noarch | insighttoolkit4 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | insighttoolkit4 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | insighttoolkit4 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | insighttoolkit4 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | openjpeg2 | < any | UNKNOWN |
github.com/uclouvain/openjpeg/pull/1346
github.com/uclouvain/openjpeg/pull/1395
github.com/uclouvain/openjpeg/pull/1396
github.com/uclouvain/openjpeg/pull/1397
github.com/uclouvain/openjpeg/pull/1398
launchpad.net/bugs/cve/CVE-2021-29338
nvd.nist.gov/vuln/detail/CVE-2021-29338
security-tracker.debian.org/tracker/CVE-2021-29338
www.cve.org/CVERecord?id=CVE-2021-29338