VDB
GCVE-VVD-MAGEIA-2021-216
GCVE-VVD-MAGEIA-2021-216
Advisory Published
There is a flaw in the opj2_compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2_compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The greatest threat posed by this flaw is to confidentiality, integrity, and availability.
This flaw affects the opj2_compress utility but is not in the openjpeg2 library. Therefore, the attack vector is local to the opj2_compress utility and would require an attacker to convince a user to open a directory with an extremely large number of files using opj2_compress, or a script to be feeding such arbitrary, untrusted files to opj2_compress (CVE-2021-29338).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | thunderbird | 0 (affected), 91.3.1-1.mga8 (unaffected) | — |
| Mageia | thunderbird-l10n | 0 (affected), 91.3.1-1.mga8 (unaffected) | — |
| Mageia | openjpeg2 | 0 (affected), 2.4.0-1.1.mga7 (unaffected), 0 (affected), 2.4.0-1.1.mga7 (unaffected) | — |
| Mageia | mingw-openjpeg2 | 0 (affected), 2.4.0-1.mga7 (unaffected), 0 (affected), 2.4.0-1.mga7 (unaffected) | — |
| Mageia | openjpeg2 | 0 (affected), 2.4.0-1.1.mga8 (unaffected), 0 (affected), 2.4.0-1.1.mga8 (unaffected) | — |
| Mageia | mingw-openjpeg2 | 0 (affected), 2.4.0-1.1.mga8 (unaffected), 0 (affected), 2.4.0-1.1.mga8 (unaffected) | — |
References
Browse GCVE Records
100 records in the GCVE database · Updated April 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.