A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
{ "vanir_signatures": [ { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/lib/openjp2/j2k.c", "function": "opj_j2k_get_tile" }, "signature_version": "v1", "digest": { "length": 2850.0, "function_hash": "193136940573119357836124800919983322157" }, "signature_type": "Function", "id": "CVE-2016-9572-22dc9f72" }, { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/bin/jp2/opj_decompress.c", "function": "main" }, "signature_version": "v1", "digest": { "length": 8298.0, "function_hash": "297676261437184694016835715520667960776" }, "signature_type": "Function", "id": "CVE-2016-9572-238d320f" }, { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/bin/jp2/convertbmp.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "318264711267618518751963823025624787858", "255363180696734635951214510385402174049", "309841295499363486108133483116972563936", "14561951267035938107675197466098701316", "15639637573197209635959170013101441935" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2016-9572-244fc7ff" }, { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/bin/jp2/opj_decompress.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "228490326070881309985403427500286322939", "17687366975017735657591238761002032239", "239581916029237176554430048550513987813", "212174472147716699098750234530926059957" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2016-9572-31a54708" }, { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/bin/jp2/convert.c", "function": "imagetopnm" }, "signature_version": "v1", "digest": { "length": 5536.0, "function_hash": "253581360288918369994768571986053002378" }, "signature_type": "Function", "id": "CVE-2016-9572-524a6142" }, { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/lib/openjp2/j2k.c", "function": "opj_j2k_decode" }, "signature_version": "v1", "digest": { "length": 1055.0, "function_hash": "33275239114353805521079340080330716201" }, "signature_type": "Function", "id": "CVE-2016-9572-5e356f67" }, { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/bin/jp2/convert.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "80315732206355359049050769247888656091", "183763278690463407009818878414944039954", "62822351838568414076055483728315566222", "122396704176018901594857699730273313546", "262148574508447972117312429828193579183", "136706975510943855203607052440698341936", "193612096258726163727787347278234715483", "47142360348409988863822996383906422293", "52030118202603584211358048115811922219", "190010574521500998074619833611306749941", "111072910875417164785446644371401396370", "153462369694004413846611341277916680725", "257103834486202656738728233321824753304", "72036359385383864535123877284098252703", "203186649364705011118148340480887803902", "339167995955655546575847274629792267207", "161714677321586967482788935172220399570", "190119430394339295500259979754348457523", "36021345366885397673199063209432470823", "12763122897174111320792906513163393472", "139120114906283556372762204524320099530", "230096631979752056642068377261925875985", "308383285384679798260528084732020131797", "91461493161587018849829739536973344207", "242775405494858142976238549683244043885", "284902547186276625068125661054229431110", "265140894365009529774366330508618613646" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2016-9572-619e62ee" }, { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/lib/openjp2/j2k.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "135871134447234627874245013138127965852", "308005561986685042015028372656817408867", "109625809900293282610397426434514288476", "324530319344996584960719067886783000030", "82526264930603096558269276368594977261", "245830637960672274992287612575021189575", "301571008654756861986195373651121103945", "160900890564292618354247114135242261711", "207179950201084715599855631176457646366", "315164313095756400637091384970624751387", "228743686273374863276121384749357185263", "153686703996815414543249050234097436785", "108237980005460661314357549048658353636", "66907927412709611544060494845656412775", "14182392715881408348973902011195640487" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2016-9572-9f24bb02" }, { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/bin/jp2/convert.c", "function": "imagetotga" }, "signature_version": "v1", "digest": { "length": 2903.0, "function_hash": "10145319696166922982477300412952557678" }, "signature_type": "Function", "id": "CVE-2016-9572-bbff2600" }, { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/bin/jp2/convert.c", "function": "imagetoraw_common" }, "signature_version": "v1", "digest": { "length": 3477.0, "function_hash": "273635315231797665313944944891916635209" }, "signature_type": "Function", "id": "CVE-2016-9572-c03ddbc6" }, { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/bin/jp2/convertbmp.c", "function": "imagetobmp" }, "signature_version": "v1", "digest": { "length": 8515.0, "function_hash": "275523838856146161356127068872183091878" }, "signature_type": "Function", "id": "CVE-2016-9572-c0ed7cde" }, { "source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d", "deprecated": false, "target": { "file": "src/lib/openjp2/j2k.c", "function": "opj_j2k_read_siz" }, "signature_version": "v1", "digest": { "length": 10011.0, "function_hash": "63313544961116613434530705982078774213" }, "signature_type": "Function", "id": "CVE-2016-9572-d0d1abc4" } ] }