DEBIAN-CVE-2017-12982

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2017-12982

Published: 21 Aug 2017, 07:29

Last modified:28 Apr 2026, 20:16

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Aug 2017, 07:29

Published

Vulnerability first disclosed

28 Apr 2026, 20:16

Last Modified

Vulnerability information updated

Description

The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Systems

debian•openjpeg2
< 2.3.0-1 | < 2.3.0-1 | < 2.3.0-1 | < 2.3.0-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2017-12982