CVE-2016-4797 - Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 all

CVE-2016-4797

Summary

Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.

References

Vulnerable Configurations

cpe:2.3:a:uclouvain:openjpeg:-:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:-:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.2:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.2:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.3:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.3:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.4:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.4:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.5:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.5:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.1.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 09-09-2020 - 19:57)
Impact:
Exploitability:

CWE

CWE-369

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://bugzilla.redhat.com/show_bug.cgi?id=1335483 https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c
fedora	FEDORA-2016-14d8f9b4ed FEDORA-2016-8fa7ced365 FEDORA-2016-abdc548f46 FEDORA-2016-d2ab705e4a
misc	https://github.com/uclouvain/openjpeg/issues/733 https://www.oracle.com/security-alerts/cpujul2020.html
mlist	[oss-security] 20160512 Re: CVE Request - OpenJPEG: Security Fixes

Last major update

09-09-2020 - 19:57

Published

03-02-2017 - 16:59

Last modified

09-09-2020 - 19:57