CVE-2016-9572

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9572
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9572.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9572
Downstream
Related
Published
2018-08-01T16:29:00Z
Modified
2025-09-19T08:39:28.979861Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.

References

Affected packages

Git / github.com/szukw000/openjpeg

Affected ranges

Type
GIT
Repo
https://github.com/szukw000/openjpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/uclouvain/openjpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v2.*

v2.1.1
v2.1.2

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/lib/openjp2/j2k.c",
                "function": "opj_j2k_get_tile"
            },
            "signature_version": "v1",
            "digest": {
                "length": 2850.0,
                "function_hash": "193136940573119357836124800919983322157"
            },
            "signature_type": "Function",
            "id": "CVE-2016-9572-22dc9f72"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/bin/jp2/opj_decompress.c",
                "function": "main"
            },
            "signature_version": "v1",
            "digest": {
                "length": 8298.0,
                "function_hash": "297676261437184694016835715520667960776"
            },
            "signature_type": "Function",
            "id": "CVE-2016-9572-238d320f"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/bin/jp2/convertbmp.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "318264711267618518751963823025624787858",
                    "255363180696734635951214510385402174049",
                    "309841295499363486108133483116972563936",
                    "14561951267035938107675197466098701316",
                    "15639637573197209635959170013101441935"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2016-9572-244fc7ff"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/bin/jp2/opj_decompress.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "228490326070881309985403427500286322939",
                    "17687366975017735657591238761002032239",
                    "239581916029237176554430048550513987813",
                    "212174472147716699098750234530926059957"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2016-9572-31a54708"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/bin/jp2/convert.c",
                "function": "imagetopnm"
            },
            "signature_version": "v1",
            "digest": {
                "length": 5536.0,
                "function_hash": "253581360288918369994768571986053002378"
            },
            "signature_type": "Function",
            "id": "CVE-2016-9572-524a6142"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/lib/openjp2/j2k.c",
                "function": "opj_j2k_decode"
            },
            "signature_version": "v1",
            "digest": {
                "length": 1055.0,
                "function_hash": "33275239114353805521079340080330716201"
            },
            "signature_type": "Function",
            "id": "CVE-2016-9572-5e356f67"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/bin/jp2/convert.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "80315732206355359049050769247888656091",
                    "183763278690463407009818878414944039954",
                    "62822351838568414076055483728315566222",
                    "122396704176018901594857699730273313546",
                    "262148574508447972117312429828193579183",
                    "136706975510943855203607052440698341936",
                    "193612096258726163727787347278234715483",
                    "47142360348409988863822996383906422293",
                    "52030118202603584211358048115811922219",
                    "190010574521500998074619833611306749941",
                    "111072910875417164785446644371401396370",
                    "153462369694004413846611341277916680725",
                    "257103834486202656738728233321824753304",
                    "72036359385383864535123877284098252703",
                    "203186649364705011118148340480887803902",
                    "339167995955655546575847274629792267207",
                    "161714677321586967482788935172220399570",
                    "190119430394339295500259979754348457523",
                    "36021345366885397673199063209432470823",
                    "12763122897174111320792906513163393472",
                    "139120114906283556372762204524320099530",
                    "230096631979752056642068377261925875985",
                    "308383285384679798260528084732020131797",
                    "91461493161587018849829739536973344207",
                    "242775405494858142976238549683244043885",
                    "284902547186276625068125661054229431110",
                    "265140894365009529774366330508618613646"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2016-9572-619e62ee"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/lib/openjp2/j2k.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "135871134447234627874245013138127965852",
                    "308005561986685042015028372656817408867",
                    "109625809900293282610397426434514288476",
                    "324530319344996584960719067886783000030",
                    "82526264930603096558269276368594977261",
                    "245830637960672274992287612575021189575",
                    "301571008654756861986195373651121103945",
                    "160900890564292618354247114135242261711",
                    "207179950201084715599855631176457646366",
                    "315164313095756400637091384970624751387",
                    "228743686273374863276121384749357185263",
                    "153686703996815414543249050234097436785",
                    "108237980005460661314357549048658353636",
                    "66907927412709611544060494845656412775",
                    "14182392715881408348973902011195640487"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2016-9572-9f24bb02"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/bin/jp2/convert.c",
                "function": "imagetotga"
            },
            "signature_version": "v1",
            "digest": {
                "length": 2903.0,
                "function_hash": "10145319696166922982477300412952557678"
            },
            "signature_type": "Function",
            "id": "CVE-2016-9572-bbff2600"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/bin/jp2/convert.c",
                "function": "imagetoraw_common"
            },
            "signature_version": "v1",
            "digest": {
                "length": 3477.0,
                "function_hash": "273635315231797665313944944891916635209"
            },
            "signature_type": "Function",
            "id": "CVE-2016-9572-c03ddbc6"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/bin/jp2/convertbmp.c",
                "function": "imagetobmp"
            },
            "signature_version": "v1",
            "digest": {
                "length": 8515.0,
                "function_hash": "275523838856146161356127068872183091878"
            },
            "signature_type": "Function",
            "id": "CVE-2016-9572-c0ed7cde"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
            "deprecated": false,
            "target": {
                "file": "src/lib/openjp2/j2k.c",
                "function": "opj_j2k_read_siz"
            },
            "signature_version": "v1",
            "digest": {
                "length": 10011.0,
                "function_hash": "63313544961116613434530705982078774213"
            },
            "signature_type": "Function",
            "id": "CVE-2016-9572-d0d1abc4"
        }
    ]
}