CVE-2016-3183
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-3183
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3183.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-3183
- Downstream
- Related
- Published
- 2017-02-03T16:59:00Z
- Modified
- 2025-10-13T04:34:09Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The sycc422trgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.
- References
-
- https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767
- https://github.com/uclouvain/openjpeg/issues/726
- https://security.gentoo.org/glsa/201612-26
- http://www.openwall.com/lists/oss-security/2016/03/16/17
- https://bugzilla.redhat.com/show_bug.cgi?id=1317821
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/
- https://www.oracle.com/security-alerts/cpujul2020.html
Affected packages
Git / github.com/uclouvain/openjpeg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/uclouvain/openjpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
{
"vanir_signatures": [
{
"target": {
"function": "sycc420_to_rgb",
"file": "src/bin/common/color.c"
},
"digest": {
"length": 3153.0,
"function_hash": "232723039987976732338498395538962934901"
},
"deprecated": false,
"id": "CVE-2016-3183-042d9082",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"
},
{
"target": {
"function": "color_sycc_to_rgb",
"file": "src/bin/common/color.c"
},
"digest": {
"length": 1052.0,
"function_hash": "163834713524545296435326667982557538732"
},
"deprecated": false,
"id": "CVE-2016-3183-4b4ce8fa",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"
},
{
"target": {
"function": "sycc444_to_rgb",
"file": "src/bin/common/color.c"
},
"digest": {
"length": 1301.0,
"function_hash": "50528208843460682154574240540540730910"
},
"deprecated": false,
"id": "CVE-2016-3183-8dceefdc",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"
},
{
"target": {
"function": "sycc422_to_rgb",
"file": "src/bin/common/color.c"
},
"digest": {
"length": 2248.0,
"function_hash": "54362684166826776803224864586488355076"
},
"deprecated": false,
"id": "CVE-2016-3183-8f45fb0b",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"
},
{
"target": {
"file": "src/bin/common/color.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"138244548877298902218041542642467587888",
"18809269859584758344380979397030228808",
"282491012989628312524719436047342241572",
"247859123637723811115717504641926702520",
"236332994569524537909403247954223130740",
"97685477365476391735066209522267591509",
"159393623126005493292186356821901710490",
"304589403095236474945679745462923963489",
"50528373211240652803997254695693268812",
"205595688378218778481673434100045694616",
"104109513173611542540007488579653934177",
"200718784474175022797090980114374610812",
"243743255714316124266742150402103380979",
"257522452922096000728894561177266254525",
"339774684984125607297034658278814334834",
"309603988199065472223650289674597067656",
"25602314147906800964232778939310966282",
"317584004630538926428959669609517081877",
"51315054315934659536850774358502792396",
"322628900362867175322253720132578564128",
"88644204931867597756948560831261909664",
"89207189440710557149384242329194429053",
"82923314315062672150959383036828119033",
"14196576362823543063649340574763865089",
"237881388974152880549636120708753737478",
"75540628927824192601670292446787682727",
"111657900476882239943954988398209882570",
"310722741910457477964542904055542263538",
"9531971306032696971631834443777559775",
"210543343504982620886352243467121123815",
"52859723869573555840996363032552117484",
"127856085929334584809567571524053102510",
"97685477365476391735066209522267591509",
"159393623126005493292186356821901710490",
"304589403095236474945679745462923963489",
"50528373211240652803997254695693268812",
"205595688378218778481673434100045694616",
"104109513173611542540007488579653934177",
"200718784474175022797090980114374610812",
"243743255714316124266742150402103380979",
"28301540128789457516439251246913908931",
"240528181696270424515660558193476795418",
"168414073610696146050402407094795227364",
"110325991596947674043665312222514159735",
"246467047400933988581955160841446327161",
"187813587118258944949203413108429123447",
"324861077522988194070797485198363905688",
"21479232988884056687225079802336541131",
"285569428698967809716878498689171875046",
"170150310267634114422756055442432591425",
"210472682364337659142656948817677158516",
"47669034386681414838739813827471815158",
"141315774355945149102949621248292910860",
"181071839617179718893256502837987049556",
"121596700512774203166618914092018882051",
"103020878871106400841863645556969138028",
"309603988199065472223650289674597067656",
"90723639322337037786799515522159762978",
"145571367639013526929886865822707379853",
"71936635940319604917302059213091866506",
"310293988665497998305388415940912731203",
"285162095509720844358451071846339950354",
"190151533277390798611783624637187656622",
"3757169818471990164415372589788195899",
"334678395714242000575265977414926025575",
"41776914429418398823773571133082641989",
"53150382293848028873180545514891304607",
"249110832772914573832965399783227714859",
"4595320859346677017001999603650232463",
"148332431402148104060107965607625385470",
"311357241020195558220788012566949328788",
"322628900362867175322253720132578564128",
"88644204931867597756948560831261909664",
"89207189440710557149384242329194429053",
"238156639705968782757181082697866072943",
"249335561469909443830245085264466382508",
"232510176480720492320303803233778551181",
"83636366904511455969035256174048187587",
"57234946098371162067551608041175851318",
"59362843808923040238941183588764445986",
"208511510615801125884652018090610014217",
"210543343504982620886352243467121123815",
"52859723869573555840996363032552117484",
"127856085929334584809567571524053102510",
"97685477365476391735066209522267591509",
"159393623126005493292186356821901710490",
"304589403095236474945679745462923963489",
"50528373211240652803997254695693268812",
"205595688378218778481673434100045694616",
"104109513173611542540007488579653934177",
"200718784474175022797090980114374610812",
"243743255714316124266742150402103380979",
"125604795163073763874295625794881523066",
"23611236177916487994145591810748114191",
"88895508510120842740738394125077679738",
"108401377897304050180080284253524679274",
"168513463643665291143588786089240727698",
"296009698411781590466958922072955870791",
"237201204818099739874717299835755734225",
"237427738175927435697433195257196298310",
"49888067190674246608889540895451064718",
"332173626083483262000625693408354238254",
"125843339204208203320297487016475793211",
"170969411561658736691258861750910712193",
"149692963909953904502886164835518568142",
"294576848686041303241732528265888510866",
"96800055998634280320472808180680210906",
"27012462281669988699564688287023694245",
"246467047400933988581955160841446327161",
"187813587118258944949203413108429123447",
"90723639322337037786799515522159762978",
"145571367639013526929886865822707379853",
"71936635940319604917302059213091866506",
"310293988665497998305388415940912731203",
"285162095509720844358451071846339950354",
"190151533277390798611783624637187656622",
"3757169818471990164415372589788195899",
"334678395714242000575265977414926025575",
"41776914429418398823773571133082641989",
"53150382293848028873180545514891304607",
"249110832772914573832965399783227714859",
"4595320859346677017001999603650232463",
"148332431402148104060107965607625385470",
"311357241020195558220788012566949328788",
"322628900362867175322253720132578564128",
"88644204931867597756948560831261909664",
"89207189440710557149384242329194429053",
"30728862259030306992680935136195697627",
"234530099080435303959527251164119922892",
"159391309353591642471887614938364689968",
"214328089085677516086918317064760473849",
"337147713089367964434608177659315337118",
"163243682133941114802183357617887939165"
]
},
"deprecated": false,
"id": "CVE-2016-3183-dbf7e83d",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"
},
{
"target": {
"function": "imagetobmp",
"file": "src/bin/jp2/convertbmp.c"
},
"digest": {
"length": 8515.0,
"function_hash": "195412643330250903764091488308715201513"
},
"deprecated": false,
"id": "CVE-2016-3183-dfde826c",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"
},
{
"target": {
"file": "src/bin/jp2/convertbmp.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"265351259535117719534036123992808496355",
"77963476706332368559694164666335894594",
"134590308424341073052338712213935232954",
"79466045731928128473232569247596691827"
]
},
"deprecated": false,
"id": "CVE-2016-3183-eee8075e",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"
}
]
}