CVE-2016-1923Improper Restriction of Operations within the Bounds of a Memory Buffer in Openjpeg

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow15 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 35.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
THE Openjpeg Project Openjpeg2Uclouvain Openjpeg
Timeline
PublishedJan 27
Latest updateMay 13

Description

Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianthe_openjpeg_project/openjpeg2< 2.1.1-1+3

🔴Vulnerability Details

3
GHSA
GHSA-6h2h-qgx7-79mr: Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 20162022-05-13
OSV
CVE-2016-1923: Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 20162016-01-27
CVEList
CVE-2016-1923: Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 20162016-01-27

📋Vendor Advisories

2
Red Hat
openjpeg: out of bounds read in opj_j2k_update_image_data2016-01-18
Debian
CVE-2016-1923: openjpeg2 - Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg...2016

💬Community

9
Bugzilla
CVE-2016-1923 CVE-2016-1924 openjpeg2: various flaws [epel-all]2016-09-20
Bugzilla
CVE-2016-1923 CVE-2016-1924 openjpeg2: various flaws [fedora-all]2016-09-20
Bugzilla
CVE-2016-1923 CVE-2016-1924 mingw-openjpeg2: various flaws [fedora-all]2016-09-20
Bugzilla
CVE-2016-1923 CVE-2016-1924 openjpeg2: various flaws [fedora-all]2016-09-20
Bugzilla
CVE-2016-1923 mingw-openjpeg: openjpeg: out of bounds read in opj_j2k_update_image_data [fedora-all]2016-01-19
CVE-2016-1923 — Uclouvain Openjpeg vulnerability | cvebase