ID CVE-2016-7163
Summary Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
References
Vulnerable Configurations
  • cpe:2.3:a:openjpeg:openjpeg:*:*:*:*:*:*:*:*
    cpe:2.3:a:openjpeg:openjpeg:*:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2017:0559
  • rhsa
    id RHSA-2017:0838
rpms
  • openjpeg-0:1.3-16.el6_8
  • openjpeg-devel-0:1.3-16.el6_8
  • openjpeg-libs-0:1.3-16.el6_8
  • openjpeg-0:1.5.1-16.el7_3
  • openjpeg-devel-0:1.5.1-16.el7_3
  • openjpeg-libs-0:1.5.1-16.el7_3
refmap via4
bid 92897
confirm
debian DSA-3665
fedora
  • FEDORA-2016-231f53426b
  • FEDORA-2016-27d3b7742f
  • FEDORA-2016-2eac99579c
  • FEDORA-2016-8ed6b7bb5e
  • FEDORA-2016-adb346980c
  • FEDORA-2016-dc53ceffc2
mlist
  • [oss-security] 20160908 CVE Request: OpenJPEG Integer Overflow Issue
  • [oss-security] 20160908 Re: CVE Request: OpenJPEG Integer Overflow Issue
Last major update 05-01-2018 - 02:31
Published 21-09-2016 - 14:25
Back to Top