CVE-2021-29338 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Denial of service
Description	Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1390	openjpeg2	2.4.0-1	2.5.0-1	Medium	Fixed

References
https://github.com/uclouvain/openjpeg/issues/1338 https://github.com/uclouvain/openjpeg/files/6194593/poc.zip https://github.com/uclouvain/openjpeg/pull/1346 https://github.com/uclouvain/openjpeg/pull/1346/commits/b4700bc09d55ac17ff6bef9b0a867f6de527be17

References

https://github.com/uclouvain/openjpeg/issues/1338
https://github.com/uclouvain/openjpeg/files/6194593/poc.zip
https://github.com/uclouvain/openjpeg/pull/1346
https://github.com/uclouvain/openjpeg/pull/1346/commits/b4700bc09d55ac17ff6bef9b0a867f6de527be17