Published: 03/10/2016 Updated: 09/09/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

convert.c in OpenJPEG prior to 2.1.2 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

Vulnerable Product	Search on Vulmon	Subscribe to Product
uclouvain openjpeg
opensuse leap 42.1

Debian Bug report logs - #837604 openjpeg2: CVE-2016-7163: Integer overflow in opj_pi_create_decode Package: src:openjpeg2; Maintainer for src:openjpeg2 is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 12 Sep 2016 19:30:01 ...

Debian Bug report logs - #838690 openjpeg2: CVE-2016-7445: Null pointer dereference in convertc Package: src:openjpeg2; Maintainer for src:openjpeg2 is Debian PhotoTools Maintainers <pkg-phototools-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 23 Sep 2016 17:06:01 UT ...

CWE-476 http://lists.opensuse.org/opensuse-updates/2016-09/msg00109.html https://github.com/uclouvain/openjpeg/blob/openjpeg-2.1/CHANGELOG.md http://www.openwall.com/lists/oss-security/2016/09/18/6 http://www.openwall.com/lists/oss-security/2016/09/18/4 https://github.com/uclouvain/openjpeg/issues/843 http://www.securityfocus.com/bid/93040 https://security.gentoo.org/glsa/201612-26 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837604

CVE-2016-7445

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect