CVE-2016-7445NULL Pointer Dereference in Openjpeg

CWE-476NULL Pointer Dereference11 documents7 sources
Severity
7.5HIGHNVD
OSV6.5
EPSS
2.0%
top 16.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
THE Openjpeg Project Openjpeg2Uclouvain OpenjpegOpensuse Leap
Timeline
PublishedOct 3
Latest updateOct 7

Description

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

Ubuntuuclouvain/openjpeg< 1:1.5.2-3.1ubuntu0.1~esm2
Debianthe_openjpeg_project/openjpeg2< 2.1.2-1+3
NVDopensuse/leap42.1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
openjpeg vulnerabilities2022-10-07
GHSA
GHSA-vj8h-cvfh-v55g: convert2022-05-13
OSV
CVE-2016-7445: convert2016-10-03
CVEList
CVE-2016-7445: convert2016-10-03

📋Vendor Advisories

2
Ubuntu
OpenJPEG vulnerabilities2022-10-07
Debian
CVE-2016-7445: openjpeg2 - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of ...2016

💬Community

4
Bugzilla
CVE-2016-7445 openjpeg2: Null pointer dereference in convert.c2016-09-19
Bugzilla
CVE-2016-7445 openjpeg2: Null pointer dereference in convert.c [fedora-all]2016-09-19
Bugzilla
CVE-2016-7445 openjpeg2: Null pointer dereference in convert.c [epel-all]2016-09-19
Bugzilla
CVE-2016-7445 mingw-openjpeg2: openjpeg2: Null pointer dereference in convert.c [fedora-all]2016-09-19
CVE-2016-7445 — NULL Pointer Dereference in Openjpeg | cvebase