CVE-2016-9675 — Heap-based Buffer Overflow in Openjpeg

CWE-122 — Heap-based Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

7.8HIGHNVD

CNA7.5OSV7.5

EPSS

0.8%

top 25.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uclouvain Openjpeg Redhat Enterprise Linux Redhat Enterprise Linux FOR IBM Z Systems +2 more

Timeline

PublishedDec 22

Latest updateMay 13

Description

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDuclouvain/openjpeg< 1.5.2

Also affects: Enterprise Linux 6.0, 7.0, 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-6xgj-8663-75f9: openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045↗2022-05-13

▶

CVEList

CVE-2016-9675: openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045↗2016-12-22

▶

OSV

CVE-2016-9675: openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045↗2016-12-22

▶

📋Vendor Advisories

Red Hat

openjpeg: incorrect fix for CVE-2013-6045↗2016-09-26

▶

💬Community

Bugzilla

CVE-2016-9675 openjpeg: incorrect fix for CVE-2013-6045↗2016-10-06

▶