CVE-2017-2812
Severity: Unknown | EPSS: 1.57%
CVE-2017-2812 is a vulnerability of currently unknown severity. A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise. EPSS estimates a 1.57% chance of exploitation in the next 30 days.
Description
A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kakadusoftware | Kakadu SDK | 7.9 |
References
- http://www.securityfocus.com/bid/100140 (Broken Link)
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0309 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Frequently Asked Questions
What is CVE-2017-2812?
A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise.
How severe is CVE-2017-2812?
Severity scoring for CVE-2017-2812 is pending analysis. The EPSS model estimates a 1.57% probability of exploitation in the next 30 days.
How do I fix CVE-2017-2812?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
