cbcvebase.
CVE-2016-10504
published 2017-08-30

CVE-2016-10504: Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service…

medium6.5CVSS 3.0
AVNACLPRNUIRSUCNINAH
EXPLOIT
Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianopenjpeg2< openjpeg2 2.2.0-1 (bookworm)openjpeg2 2.2.0-1 (bookworm)
the_openjpeg_projectopenjpeg2>= 0 < 2.2.0-12.2.0-1
the_openjpeg_projectopenjpeg2>= 0 < 2.2.0-12.2.0-1
the_openjpeg_projectopenjpeg2>= 0 < 2.2.0-12.2.0-1
the_openjpeg_projectopenjpeg2>= 0 < 2.2.0-12.2.0-1
uclouvainopenjpeg<= 2.1.2

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM