CVE-2016-9573: Out-of-bounds Read in Openjpeg Project Openjpeg

CWE-125: Out-of-bounds Read | 14 documents | 7 sources
Severity: 8.1 HIGH (NVD) | 6.5 (CNA)
EPSS: 1.1% (top 22.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 1 | Latest update May 13

Description

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.2

Affected Packages: 6 packages

Also affects: Debian Linux 8.0, Enterprise Linux 7.3, 7.4, 7.5

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-f6vv-86p4-jjqr: An out-of-bounds read vulnerability was found in OpenJPEG 2 (2022-05-13)
CVEList: CVE-2016-9573: An out-of-bounds read vulnerability was found in OpenJPEG 2 (2018-08-01)
OSV: CVE-2016-9573: An out-of-bounds read vulnerability was found in OpenJPEG 2 (2018-08-01)

📋 Vendor Advisories (2)

Red Hat: openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm() (2016-11-02)
Debian: CVE-2016-9573: openjpeg2 - An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_i... (2016)

💬 Community (8)

Bugzilla: CVE-2016-9573 openjpeg2: openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm() [epel-7] (2017-03-23)
Bugzilla: CVE-2016-9573 CVE-2016-9572 openjpeg2: various flaws [epel-6] (2016-12-08)
Bugzilla: CVE-2016-9573 CVE-2016-9572 mingw-openjpeg: various flaws [fedora-all] (2016-12-08)
Bugzilla: CVE-2016-9573 openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm() (2016-12-08)
Bugzilla: CVE-2016-9573 CVE-2016-9572 mingw-openjpeg2: various flaws [fedora-all] (2016-12-08)
CVE-2016-9573 — Out-of-bounds Read | cvebase