CVE-2016-7445: convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving…

high7.5CVSS 3.0

AVNACLPRNUINSUCNINAH

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

Affected

8 ranges

Vendor	Product	Version range	Fixed in
debian	openjpeg2	< openjpeg2 2.1.2-1 (bookworm)	openjpeg2 2.1.2-1 (bookworm)
opensuse	leap	—	—
the_openjpeg_project	openjpeg2	>= 0 < 2.1.2-1	2.1.2-1
the_openjpeg_project	openjpeg2	>= 0 < 2.1.2-1	2.1.2-1
the_openjpeg_project	openjpeg2	>= 0 < 2.1.2-1	2.1.2-1
the_openjpeg_project	openjpeg2	>= 0 < 2.1.2-1	2.1.2-1
uclouvain	openjpeg	<= 2.1.1	—
uclouvain	openjpeg	>= 0 < 1:1.5.2-3.1ubuntu0.1~esm2	1:1.5.2-3.1ubuntu0.1~esm2

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv7.5HIGH