Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2016-7163

Published: 21/09/2016 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Openjpeg

Vulnerability Summary

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote malicious users to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

uclouvain openjpeg

debian debian linux 8.0

fedoraproject fedora 25

fedoraproject fedora 24

fedoraproject fedora 23

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux eus 7.3

redhat enterprise linux eus 7.4

redhat enterprise linux eus 7.5

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux eus 7.6

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

redhat enterprise linux eus 7.7

Vendor Advisories

Red Hat: Moderate: openjpeg security update
Synopsis Moderate: openjpeg security update Type/Severity Security Advisory: Moderate Topic An update for openjpeg is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Red Hat: Moderate: openjpeg security update
Synopsis Moderate: openjpeg security update Type/Severity Security Advisory: Moderate Topic An update for openjpeg is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Debian CVElist Bug Report Logs: openjpeg2: CVE-2016-7163: Integer overflow in opj_pi_create_decode
Debian Bug report logs - #837604 openjpeg2: CVE-2016-7163: Integer overflow in opj_pi_create_decode Package: src:openjpeg2; Maintainer for src:openjpeg2 is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 12 Sep 2016 19:30:01 ...
Debian CVElist Bug Report Logs: openjpeg2: CVE-2016-7445: Null pointer dereference in convert.c
Debian Bug report logs - #838690 openjpeg2: CVE-2016-7445: Null pointer dereference in convertc Package: src:openjpeg2; Maintainer for src:openjpeg2 is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 23 Sep 2016 17:06:01 UT ...
Amazon Linux AMI: ALAS-2017-807
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) A vulnerability was found in the patch for CVE-2013-6045 for Open ...
Red Hat: CVE-2016-7163
An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG An attacker could create a crafted JPEG2000 image that, when loaded by an application using openjpeg, could lead to a crash or, potentially, code execution ...

References

CWE-190https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24http://www.securityfocus.com/bid/92897https://github.com/uclouvain/openjpeg/pull/809https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4http://www.openwall.com/lists/oss-security/2016/09/08/6http://www.debian.org/security/2016/dsa-3665http://www.openwall.com/lists/oss-security/2016/09/08/3https://github.com/uclouvain/openjpeg/issues/826http://rhn.redhat.com/errata/RHSA-2017-0838.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0559.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/https://access.redhat.com/errata/RHSA-2017:0559https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2017-807.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook