Back to search
CVE-2022-1122
Published: Mar 29, 2022
Modified: Nov 3, 2025
PUBLISHED
Description
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
| Vendor | Product | Versions |
|---|---|---|
n/a | openjpeg2 | affected openjpeg2 version 2.4.0 and prior |
Weaknesses (CWE)
References
https://github.com/uclouvain/openjpeg/issues/1368
x_refsource_MISC
FEDORA-2022-9515529c96
vendor-advisory
x_refsource_FEDORA
[debian-lts-announce] 20220410 [SECURITY] [DLA 2975-1] openjpeg2 security update
mailing-list
x_refsource_MLIST
FEDORA-2022-2d112d4480
vendor-advisory
x_refsource_FEDORA
FEDORA-2022-975e21444a
vendor-advisory
x_refsource_FEDORA
GLSA-202209-04
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now