NULL Pointer Access Vulnerability in OpenJPEG by Open Source Community
CVE-2016-9114

7.5HIGH

Key Information:

Vendor

Uclouvain

Status
Openjpeg
Vendor
CVE Published:
30 October 2016

What is CVE-2016-9114?

A NULL pointer access vulnerability exists in the imagetopnm function of convert.c in OpenJPEG version 2.1.2. This issue arises when image->comps[compno].data remains uninitialized following instantiation, leading to a potential denial of service condition. Attackers leveraging this vulnerability can disrupt service by exploiting how the library processes images, thereby making systems utilizing OpenJPEG vulnerable to crashes.

References

https://security.gentoo.org/glsa/201710-26
vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/93979
vdb-entryx_refsource_BID
https://github.com/uclouvain/openjpeg/issues/857
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.