ID CVE-2016-9580
Summary An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.
References
Vulnerable Configurations
  • OpenJPEG 2.1.2
    cpe:2.3:a:openjpeg:openjpeg:2.1.2
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201710-26.NASL
    description The remote host is affected by the vulnerability described in GLSA-201710-26 (OpenJPEG: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenJPEG. Please review the references below for details. Impact : A remote attacker, via a crafted BMP, PDF, or j2k document, could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 104069
    published 2017-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104069
    title GLSA-201710-26 : OpenJPEG: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-120.NASL
    description This update for openjpeg2 fixes the following issues : - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817] - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 96646
    published 2017-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96646
    title openSUSE Security Update : openjpeg2 (openSUSE-2017-120)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-89EE54C661.NASL
    description This update fixes CVE-2016-9580 and CVE-2016-9581. ---- This update adds a patch to fix CVE-2016-9573 and CVE-2016-9572. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 96211
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96211
    title Fedora 25 : mingw-openjpeg2 (2016-89ee54c661)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-279-02.NASL
    description New openjpeg packages are available for Slackware 14.2 and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 103704
    published 2017-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103704
    title Slackware 14.2 / current : openjpeg (SSA:2017-279-02)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-52A1B18397.NASL
    description This update fixes CVE-2016-9580 and CVE-2016-9581. ---- This update adds a patch to fix CVE-2016-9573 and CVE-2016-9572. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 96202
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96202
    title Fedora 24 : mingw-openjpeg2 (2016-52a1b18397)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-101.NASL
    description This update for openjpeg2 fixes the following issues : - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817] This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 96577
    published 2017-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96577
    title openSUSE Security Update : openjpeg2 (openSUSE-2017-101)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-C404A59411.NASL
    description This update fixes CVE-2016-9580 and CVE-2016-9581. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 95946
    published 2016-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95946
    title Fedora 25 : openjpeg2 (2016-c404a59411)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-3B7F39A8C1.NASL
    description This update fixes CVE-2016-9580 and CVE-2016-9581. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 96201
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96201
    title Fedora 24 : openjpeg2 (2016-3b7f39a8c1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-108.NASL
    description This update for openjpeg2 fixes the following issues : - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817] - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 96580
    published 2017-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96580
    title openSUSE Security Update : openjpeg2 (openSUSE-2017-108)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3270-1.NASL
    description This update for openjpeg2 fixes the following issues : - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96147
    published 2016-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96147
    title SUSE SLED12 / SLES12 Security Update : openjpeg2 (SUSE-SU-2016:3270-1)
refmap via4
bid 94822
confirm
gentoo GLSA-201710-26
Last major update 01-08-2018 - 12:29
Published 01-08-2018 - 12:29
Last modified 11-10-2018 - 15:38
Back to Top