| عنوان | uclouvain openjpeg 2.5.4 Integer Overflow |
|---|
| الوصف | An integer overflow vulnerability exists in opj_pi_initialise_encode() (src/lib/openjp2/pi.c). The include_size variable is calculated through a chain of 32-bit multiplications without overflow checking. When encoding parameters satisfy:
numlayers × l_max_res × numcomps × l_max_prec > UINT32_MAX
the result is truncated, causing a smaller-than-required heap buffer allocation. Subsequent accesses to the include array exceed the allocated bounds. |
|---|
| المصدر | ⚠️ https://github.com/uclouvain/openjpeg/issues/1619 |
|---|
| المستخدم | Kery Qi (UID 94424) |
|---|
| ارسال | 05/04/2026 03:44 PM (19 أيام منذ) |
|---|
| الاعتدال | 13/04/2026 10:41 AM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 357114 [uclouvain openjpeg حتى 2.5.4 src/lib/openjp2/pi.c opj_pi_initialise_encode تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|