CVE-2016-7163Integer Overflow or Wraparound in Openjpeg

CWE-190Integer Overflow or Wraparound13 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 33.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
THE Openjpeg Project Openjpeg2Uclouvain OpenjpegDebian Linux+7 more
Timeline
PublishedSep 21
Latest updateMay 13

Description

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDuclouvain/openjpeg< 2.2.0
Debianthe_openjpeg_project/openjpeg2< 2.1.2-1+3

Also affects: Debian Linux 8.0, Fedora 23, 24, 25, Enterprise Linux 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-jm4f-49x7-642p: Integer overflow in the opj_pi_create_decode function in pi2022-05-13
CVEList
CVE-2016-7163: Integer overflow in the opj_pi_create_decode function in pi2016-09-21
OSV
CVE-2016-7163: Integer overflow in the opj_pi_create_decode function in pi2016-09-21

📋Vendor Advisories

2
Red Hat
openjpeg: Integer overflow in opj_pi_create_decode2016-09-06
Debian
CVE-2016-7163: openjpeg2 - Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows...2016

💬Community

7
HackerOne
CVE-2016-7163 OpenJPEG opj_pi_create_decode Integer Overflow Vulnerability2019-11-12
Bugzilla
CVE-2016-7163 openjpeg: Integer overflow in opj_pi_create_decode2016-09-08
Bugzilla
CVE-2016-7163 openjpeg2: various flaws [fedora-all]2016-09-08
Bugzilla
CVE-2016-7163 mingw-openjpeg2: various flaws [fedora-all]2016-09-08
Bugzilla
CVE-2016-7163 openjpeg: various flaws [fedora-all]2016-09-08
CVE-2016-7163 — Integer Overflow or Wraparound | cvebase