cbcvebase.
CVE-2016-10507
published 2017-08-30

CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service…

medium6.5CVSS 3.0
AVNACLPRNUIRSUCNINAH
Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianopenjpeg2< openjpeg2 2.1.2-1 (bookworm)openjpeg2 2.1.2-1 (bookworm)
the_openjpeg_projectopenjpeg2>= 0 < 2.1.2-12.1.2-1
the_openjpeg_projectopenjpeg2>= 0 < 2.1.2-12.1.2-1
the_openjpeg_projectopenjpeg2>= 0 < 2.1.2-12.1.2-1
the_openjpeg_projectopenjpeg2>= 0 < 2.1.2-12.1.2-1
uclouvainopenjpeg<= 2.1.2

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM