6.5

CVE-2016-9572

Exploit
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UclouvainOpenjpeg Version2.1.2
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.18% 0.8
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
secalert@redhat.com 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://security.gentoo.org/glsa/201710-26
Third Party Advisory
https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
Patch
Third Party Advisory
https://www.debian.org/security/2017/dsa-3768
Third Party Advisory
http://www.securityfocus.com/bid/109233
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572
Patch
Third Party Advisory
Exploit
Issue Tracking
https://github.com/uclouvain/openjpeg/issues/863
Third Party Advisory
Exploit