Heap-based Buffer Overflow in OpenJPEG Affects Multiple Versions
CVE-2016-9675

7.8HIGH

Key Information:

Vendor

Uclouvain

Status
Openjpeg
Vendor
CVE Published:
22 December 2016

What is CVE-2016-9675?

A vulnerability exists in OpenJPEG due to a heap-based buffer overflow flaw found when applying a patch for a previous security issue. An attacker could craft a malicious j2k image file that, when processed by the OpenJPEG library, may lead to the application crashing or potentially executing arbitrary code. This flaw emphasizes the importance of validating input data to prevent vulnerabilities that could undermine application security.

References

http://www.openwall.com/lists/oss-security/2016/11/29/7
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/94589
vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-0559.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.