CVE-2016-9573

Published: Aug 1, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

Affected (10)

Products: Uclouvain: Openjpeg · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Workstation · Debian: Debian Linux

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Uclouvain Openjpeg	Version 2.1.2

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.3
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.3
Redhat Enterprise Linux Server Eus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Workstation	Version 7.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (14)

http://rhn.redhat.com/errata/RHSA-2017-0838.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/97073

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573

Source: secalert@redhat.com

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d

Source: secalert@redhat.com

PatchThird Party Advisory

https://github.com/uclouvain/openjpeg/issues/862

Source: secalert@redhat.com

ExploitThird Party Advisory

https://security.gentoo.org/glsa/201710-26

Source: secalert@redhat.com

Third Party Advisory

https://www.debian.org/security/2017/dsa-3768

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0838.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/97073

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/uclouvain/openjpeg/issues/862

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://security.gentoo.org/glsa/201710-26

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2017/dsa-3768

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.