Vulnerabilities > CVE-2021-3575 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

NVD

Published: 2022-03-04

Updated: 2023-02-12

Summary

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

Vulnerable Configurations

Part	Description	Count
Application	Uclouvain Uclouvain Openjpeg - Uclouvain Openjpeg 1.0 Uclouvain Openjpeg 1.1 Uclouvain Openjpeg 1.2 Uclouvain Openjpeg 1.3 Uclouvain Openjpeg 1.4 Uclouvain Openjpeg 1.5 Uclouvain Openjpeg 1.5.1 Uclouvain Openjpeg 1.5.2 Uclouvain Openjpeg 2.0 Uclouvain Openjpeg 2.0.0 Uclouvain Openjpeg 2.0.1 Uclouvain Openjpeg 2.1 Uclouvain Openjpeg 2.1.0 Uclouvain Openjpeg 2.1.1 Uclouvain Openjpeg 2.1.2 Uclouvain Openjpeg 2.2.0 Uclouvain Openjpeg 2.3.0 Uclouvain Openjpeg 2.3.1 Uclouvain Openjpeg 2.4.0	20
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 6.0 Redhat Enterprise Linux 8.0	3
OS	Fedoraproject Fedoraproject Fedora 33 Fedoraproject Fedora 34	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References