cbcvebase.
CVE-2016-4796
published 2017-02-03

Medium 5.5 (CVSS 3.0)
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Heap-based buffer overflow in the color_cmyk_to_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

Affected

8 ranges
Vendor | Product | Version range | Fixed in
debian | openjpeg2 | < openjpeg2 2.1.1-1 (bookworm) | openjpeg2 2.1.1-1 (bookworm)
fedoraproject | fedora | |
fedoraproject | fedora | |
the_openjpeg_project | openjpeg2 | >= 0 < 2.1.1-1 | 2.1.1-1
the_openjpeg_project | openjpeg2 | >= 0 < 2.1.1-1 | 2.1.1-1
the_openjpeg_project | openjpeg2 | >= 0 < 2.1.1-1 | 2.1.1-1
the_openjpeg_project | openjpeg2 | >= 0 < 2.1.1-1 | 2.1.1-1
uclouvain | openjpeg | <= 2.1.0 |

CVSS provenance

nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv | | 5.5 | MEDIUM |