CVE-2016-1924Improper Restriction of Operations within the Bounds of a Memory Buffer in Openjpeg

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read16 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.9%
top 23.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
THE Openjpeg Project Openjpeg2Uclouvain Openjpeg
Timeline
PublishedJan 27
Latest updateMay 13

Description

The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianthe_openjpeg_project/openjpeg2< 2.1.1-1+3

🔴Vulnerability Details

3
GHSA
GHSA-9wvq-wq87-3fc6: The opj_tgt_reset function in OpenJpeg 20162022-05-13
CVEList
CVE-2016-1924: The opj_tgt_reset function in OpenJpeg 20162016-01-27
OSV
CVE-2016-1924: The opj_tgt_reset function in OpenJpeg 20162016-01-27

📋Vendor Advisories

2
Red Hat
openjpeg: out of bounds read in opj_tgt_reset2016-01-18
Debian
CVE-2016-1924: openjpeg2 - The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to caus...2016

💬Community

10
HackerOne
CVE-2016-1924 OpenJPEG opj_tgt_reset Out-of-Bounds Read Vulnerability2019-11-12
Bugzilla
CVE-2016-1923 CVE-2016-1924 openjpeg2: various flaws [epel-all]2016-09-20
Bugzilla
CVE-2016-1923 CVE-2016-1924 openjpeg2: various flaws [fedora-all]2016-09-20
Bugzilla
CVE-2016-1923 CVE-2016-1924 mingw-openjpeg2: various flaws [fedora-all]2016-09-20
Bugzilla
CVE-2016-1923 CVE-2016-1924 openjpeg2: various flaws [fedora-all]2016-09-20
CVE-2016-1924 — Uclouvain Openjpeg vulnerability | cvebase