CVE-2016-9572 - OpenCVE

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Uclouvain	Openjpeg
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/109233
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572	Exploit Issue Tracking Patch Third Party Advisory
https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d	Patch Third Party Advisory
https://github.com/uclouvain/openjpeg/issues/863	Exploit Third Party Advisory
https://security.gentoo.org/glsa/201710-26	Third Party Advisory
https://www.debian.org/security/2017/dsa-3768	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-08-01T16:00:00

Updated: 2019-07-23T22:31:32

Reserved: 2016-11-23T00:00:00

Link: CVE-2016-9572

JSON object: View

NVD Information

Status : Modified

Published: 2018-08-01T16:29:00.383

Modified: 2023-02-12T23:27:16.647

Link: CVE-2016-9572

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CFB3AF6-73C9-4567-9FA4-DE81159128D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image."}, {"lang": "es", "value": "Se ha detectado un error de desreferencia de puntero NULL en la forma en la que openjpeg 2.1.2 descifraba ciertas im\u00e1genes de entrada. Debido a un error de l\u00f3gica en el c\u00f3digo responsable de descifrar la imagen de entrada, una aplicaci\u00f3n que emplee openjpeg para procesar datos de im\u00e1genes podr\u00eda cerrarse inesperadamente al procesar una imagen manipulada."}], "id": "CVE-2016-9572", "lastModified": "2023-02-12T23:27:16.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-08-01T16:29:00.383", "references": [{"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/109233"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/uclouvain/openjpeg/issues/863"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201710-26"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-3768"}, {"source": "secalert@redhat.com", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Secondary"}]}