CVE-2016-9113 — NULL Pointer Dereference in Openjpeg

CWE-476 — NULL Pointer Dereference10 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 36.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uclouvain Openjpeg

Timeline

PublishedOct 30

Latest updateMay 13

Description

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDuclouvain/openjpeg2.1.2

🔴Vulnerability Details

GHSA

GHSA-j2pc-4wh8-7v7q: There is a NULL pointer dereference in function imagetobmp of convertbmp↗2022-05-13

▶

OSV

CVE-2016-9113: There is a NULL pointer dereference in function imagetobmp of convertbmp↗2016-10-30

▶

CVEList

CVE-2016-9113: There is a NULL pointer dereference in function imagetobmp of convertbmp↗2016-10-30

▶

📋Vendor Advisories

Red Hat

openjpeg2: Multiple security issues↗2016-10-27

▶

Debian

CVE-2016-9113: openjpeg2 - There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 o...↗2016

▶

💬Community

Bugzilla

CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues [fedora-all]↗2016-10-31

▶

Bugzilla

CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 mingw-openjpeg2: openjpeg2: Multiple security issues [fedora-all]↗2016-10-31

▶

Bugzilla

CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues↗2016-10-31

▶

Bugzilla

CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: various flaws [epel-all]↗2016-10-03

▶