CVE-2021-3575: Out-of-bounds Write

March 4, 2022 (updated February 12, 2023)

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

References

bugzilla.redhat.com/show_bug.cgi?id=1957616
github.com/uclouvain/openjpeg/issues/1347
nvd.nist.gov/vuln/detail/CVE-2021-3575
ubuntu.com/security/CVE-2021-3575

Detect and mitigate CVE-2021-3575 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →