ID CVE-2016-9675
Summary openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:uclouvain:openjpeg:-:*:*:*:*:*:*:*
  • cpe:2.3:a:uclouvain:openjpeg:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:uclouvain:openjpeg:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:uclouvain:openjpeg:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:uclouvain:openjpeg:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:uclouvain:openjpeg:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:uclouvain:openjpeg:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:uclouvain:openjpeg:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 10-02-2023 - 18:29)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  Vector: NETWORK   Complexity: MEDIUM   Authentication: NONE
Impact
  Confidentiality: PARTIAL   Integrity: PARTIAL   Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1382202
    title CVE-2016-9675 openjpeg: incorrect fix for CVE-2013-6045
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment openjpeg is earlier than 0:1.3-16.el6_8
            oval oval:com.redhat.rhsa:tst:20170559001
          • comment openjpeg is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121068002
        • AND
          • comment openjpeg-devel is earlier than 0:1.3-16.el6_8
            oval oval:com.redhat.rhsa:tst:20170559003
          • comment openjpeg-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121068004
        • AND
          • comment openjpeg-libs is earlier than 0:1.3-16.el6_8
            oval oval:com.redhat.rhsa:tst:20170559005
          • comment openjpeg-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121068006
    rhsa
    id RHSA-2017:0559
    released 2017-03-20
    severity Moderate
    title RHSA-2017:0559: openjpeg security update (Moderate)
  • bugzilla
    id 1402711
    title CVE-2016-9573 openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm()
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment openjpeg is earlier than 0:1.5.1-16.el7_3
            oval oval:com.redhat.rhsa:tst:20170838001
          • comment openjpeg is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121068002
        • AND
          • comment openjpeg-devel is earlier than 0:1.5.1-16.el7_3
            oval oval:com.redhat.rhsa:tst:20170838003
          • comment openjpeg-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121068004
        • AND
          • comment openjpeg-libs is earlier than 0:1.5.1-16.el7_3
            oval oval:com.redhat.rhsa:tst:20170838005
          • comment openjpeg-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121068006
    rhsa
    id RHSA-2017:0838
    released 2017-03-23
    severity Moderate
    title RHSA-2017:0838: openjpeg security update (Moderate)
rpms
  • openjpeg-0:1.3-16.el6_8
  • openjpeg-debuginfo-0:1.3-16.el6_8
  • openjpeg-devel-0:1.3-16.el6_8
  • openjpeg-libs-0:1.3-16.el6_8
  • openjpeg-0:1.5.1-16.el7_3
  • openjpeg-debuginfo-0:1.5.1-16.el7_3
  • openjpeg-devel-0:1.5.1-16.el7_3
  • openjpeg-libs-0:1.5.1-16.el7_3
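Both OVAL definitions above boil down to one test: on RHEL 6, is an installed openjpeg, openjpeg-devel or openjpeg-libs package earlier than 0:1.3-16.el6_8; on RHEL 7, earlier than 0:1.5.1-16.el7_3. "Earlier than" is RPM's epoch:version-release ordering, not a string or float comparison, which is where home-grown checks usually go wrong (1.5.1 > 1.5, 16.el7_3 > 9.el7, a tilde pre-release sorts below its base). The script below is an added example, not part of this page, of cve-search, or of Red Hat's OVAL content: it ports rpm's rpmvercmp() segment comparison to Python and applies the page's fixed EVRs to lines of `rpm -qa` output. The package names and fixed EVRs are taken from the OVAL criteria and rpm list above; the sample inventory lines are constructed, and the query format `%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}` with "(none)" for an unset epoch is an assumption about how you would produce that inventory.

```python
"""Offline check for CVE-2016-9675 on RHEL 6/7: flag openjpeg packages whose
EVR is older than the fixed build named in RHSA-2017:0559 / RHSA-2017:0838.
rpmvercmp() is a port of rpm's lib/rpmvercmp.c segment comparison."""
import re

# Fixed EVRs from the OVAL criteria on this page, keyed by RHEL major version.
FIXED_EVR = {6: "0:1.3-16.el6_8", 7: "0:1.5.1-16.el7_3"}
# Package names the OVAL tests cover (debuginfo is shipped but not tested).
AFFECTED = {"openjpeg", "openjpeg-devel", "openjpeg-libs"}


def _ascii_alnum(c):
    return c.isascii() and c.isalnum()


def rpmvercmp(a, b):
    """Return -1/0/1 like rpm's rpmvercmp(): walk both strings segment by
    segment; numeric segments compare numerically (leading zeros dropped),
    alpha segments lexically, numeric beats alpha; '~' sorts below anything,
    '^' sorts above the base version; leftover segments win."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # separators are anything that is not alnum, '~' or '^'
        while i < len(a) and not _ascii_alnum(a[i]) and a[i] not in "~^":
            i += 1
        while j < len(b) and not _ascii_alnum(b[j]) and b[j] not in "~^":
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":            # tilde: pre-release, lowest
            if ca != "~": return 1
            if cb != "~": return -1
            i += 1; j += 1; continue
        if ca == "^" or cb == "^":            # caret: post-release, above base
            if ca == "": return -1
            if cb == "": return 1
            if ca != "^": return 1
            if cb != "^": return -1
            i += 1; j += 1; continue
        if ca == "" or cb == "":              # one side exhausted
            break
        if ca.isdigit():
            isnum = True
            s1 = re.match(r"[0-9]+", a[i:]).group(0)
            s2 = re.match(r"[0-9]*", b[j:]).group(0)
        else:
            isnum = False
            s1 = re.match(r"[A-Za-z]+", a[i:]).group(0)
            s2 = re.match(r"[A-Za-z]*", b[j:]).group(0)
        i += len(s1); j += len(s2)
        if s2 == "":                          # segment types differ
            return 1 if isnum else -1
        if isnum:
            s1, s2 = s1.lstrip("0"), s2.lstrip("0")
            if len(s1) != len(s2):            # more digits means larger
                return 1 if len(s1) > len(s2) else -1
        if s1 != s2:
            return 1 if s1 > s2 else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_evr(evr):
    """Split 'E:V-R' into (epoch, version, release). A missing epoch, or the
    literal '(none)' that rpm prints for an unset %{EPOCH}, means 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    if epoch == "(none)":
        epoch = "0"
    version, _, release = rest.rpartition("-")
    if not version:                           # no '-' at all: release empty
        version, release = release, ""
    return int(epoch), version, release


def evrcmp(a, b):
    """Compare two full EVR strings the way rpm orders packages."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_vulnerable(name, evr, rhel_major):
    """True when the OVAL 'is earlier than' test for this RHEL would fire."""
    fixed = FIXED_EVR.get(rhel_major)
    return name in AFFECTED and fixed is not None and evrcmp(evr, fixed) < 0


def scan(rpm_qa_output, rhel_major):
    # Input is assumed to come from:
    #   rpm -qa --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'
    # Returns [(name, installed_evr, fixed_evr), ...] for affected packages.
    hits = []
    for line in rpm_qa_output.splitlines():
        if not line.strip():
            continue
        name, evr = line.split()
        if is_vulnerable(name, evr, rhel_major):
            hits.append((name, evr, FIXED_EVR[rhel_major]))
    return hits


# Constructed sample inventories, not taken from a real host.
SAMPLE_RHEL6 = """\
openjpeg-libs 0:1.3-11.el6
openjpeg-devel 0:1.3-16.el6_8
glibc 0:2.12-1.209.el6
"""
SAMPLE_RHEL7 = """\
openjpeg-libs (none):1.5.1-10.el7
openjpeg 0:1.5.1-17.el7_4
"""

if __name__ == "__main__":
    for major, sample in ((6, SAMPLE_RHEL6), (7, SAMPLE_RHEL7)):
        for name, have, want in scan(sample, major):
            print(f"RHEL{major}: {name} {have} is older than fixed {want}")
```

The RHEL major version is passed in rather than sniffed from the release tag because that is how the OVAL criteria are structured: the "Red Hat Enterprise Linux 6 is installed" test is a separate AND branch, and a 1.5.1-based package on a RHEL 6 host would otherwise compare as newer than the RHEL 6 fix and be missed. Signature checking (the "signed with Red Hat redhatrelease2 key" tests) is deliberately left out; it needs the rpm database, not a text inventory.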
refmap via4
bid 94589
mlist [oss-security] 20161129 Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045
Last major update 10-02-2023 - 18:29
Published 22-12-2016 - 21:59
Last modified 10-02-2023 - 18:29