CVE-2016-9115 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Openjpeg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 40.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uclouvain Openjpeg

Timeline

PublishedOct 30

Latest updateMay 13

Description

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDuclouvain/openjpeg2.1.2

🔴Vulnerability Details

GHSA

GHSA-3xhq-34vv-rcv3: Heap Buffer Over-read in function imagetotga of convert↗2022-05-13

▶

OSV

CVE-2016-9115: Heap Buffer Over-read in function imagetotga of convert↗2016-10-30

▶

CVEList

CVE-2016-9115: Heap Buffer Over-read in function imagetotga of convert↗2016-10-30

▶

📋Vendor Advisories

Red Hat

openjpeg2: Multiple security issues↗2016-10-27

▶

Debian

CVE-2016-9115: openjpeg2 - Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2...↗2016

▶

💬Community

Bugzilla

CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues [fedora-all]↗2016-10-31

▶

Bugzilla

CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 mingw-openjpeg2: openjpeg2: Multiple security issues [fedora-all]↗2016-10-31

▶

Bugzilla

CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues↗2016-10-31

▶

Bugzilla

CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: various flaws [epel-all]↗2016-10-03

▶