Buffer Overflow Vulnerability in OpenJPEG Library Affects Image Processing in PDF Renderers
CVE-2016-8332

7.5HIGH

Key Information:

Vendor

Openjpeg

Status
Openjpeg
Vendor
CVE Published:
28 October 2016

What is CVE-2016-8332?

A buffer overflow vulnerability exists in the OpenJPEG library, specifically in version 2.1.1. This issue occurs when parsing specially crafted jpeg2000 image files, which can lead to out-of-bounds heap writes. As a result, heap corruption may occur, enabling attackers to execute arbitrary code. The jpeg2000 format is predominantly used for embedding images within PDF documents, making PDF files a common attack vector. Users must be cautious when opening jpeg2000 files, as successful exploitation requires interaction with a malicious image.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OPENJPEG 2.1.1

References

http://www.debian.org/security/2017/dsa-3768
vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/93242
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038623
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.