CVE-2016-8332 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Openjpeg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write13 documents9 sources

Severity

7.8HIGHNVD

CNA7.5

EPSS

1.2%

top 21.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Openjpeg Project Openjpeg2 Openjpeg Uclouvain Openjpeg

Timeline

PublishedOct 28

Latest updateMay 13

Description

A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for e…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Debianthe_openjpeg_project/openjpeg2< 2.1.2-1+3

▶CVEListV5openjpeg/openjpeg2.1.1

▶NVDuclouvain/openjpeg2.1.1

🔴Vulnerability Details

GHSA

GHSA-qxqh-jjhc-4wfg: A buffer overflow in OpenJPEG 2↗2022-05-13

▶

CVEList

CVE-2016-8332: A buffer overflow in OpenJPEG 2↗2016-10-28

▶

OSV

CVE-2016-8332: A buffer overflow in OpenJPEG 2↗2016-10-28

▶

📋Vendor Advisories

Android

CVE-2016-8332: Android Security Bulletin 2017-06-01 CVE: CVE-2016-8332 Severity: HIGH Type: RCE Affected AOSP versions: 5↗2017-06-01

▶

Red Hat

openjpeg2: JPEG2000 mcc record Code Execution Vulnerability↗2016-09-29

▶

Debian

CVE-2016-8332: openjpeg2 - A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing...↗2016

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: OpenJPEG JPEG2000 mcc record Code Execution Vulnerability↗2016-10-01

▶

💬Community

Bugzilla

CVE-2016-8332 mingw-openjpeg2: openjpeg2: JPEG2000 mcc record Code Execution Vulnerability [fedora-all]↗2016-10-04

▶

Bugzilla

CVE-2016-8332 openjpeg2: JPEG2000 mcc record Code Execution Vulnerability [fedora-all]↗2016-10-03

▶

Bugzilla

CVE-2016-8332 openjpeg2: JPEG2000 mcc record Code Execution Vulnerability↗2016-10-03

▶

Bugzilla

CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: various flaws [epel-all]↗2016-10-03

▶

Bugzilla

CVE-2016-8332 openjpeg2: JPEG2000 mcc record Code Execution Vulnerability [fedora-all]↗2016-10-03

▶