CVE-2016-9572
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-9572
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9572.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-9572
- Downstream
- Related
- Published
- 2018-08-01T16:29:00Z
- Modified
- 2025-09-19T08:39:28.979861Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
- References
-
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572
- https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
- https://github.com/uclouvain/openjpeg/issues/863
- https://security.gentoo.org/glsa/201710-26
- https://www.debian.org/security/2017/dsa-3768
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.securityfocus.com/bid/109233
Affected packages
Git / github.com/szukw000/openjpeg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/szukw000/openjpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/uclouvain/openjpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Database specific
{
"vanir_signatures": [
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/lib/openjp2/j2k.c",
"function": "opj_j2k_get_tile"
},
"signature_version": "v1",
"digest": {
"length": 2850.0,
"function_hash": "193136940573119357836124800919983322157"
},
"signature_type": "Function",
"id": "CVE-2016-9572-22dc9f72"
},
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/bin/jp2/opj_decompress.c",
"function": "main"
},
"signature_version": "v1",
"digest": {
"length": 8298.0,
"function_hash": "297676261437184694016835715520667960776"
},
"signature_type": "Function",
"id": "CVE-2016-9572-238d320f"
},
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/bin/jp2/convertbmp.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"318264711267618518751963823025624787858",
"255363180696734635951214510385402174049",
"309841295499363486108133483116972563936",
"14561951267035938107675197466098701316",
"15639637573197209635959170013101441935"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2016-9572-244fc7ff"
},
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/bin/jp2/opj_decompress.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"228490326070881309985403427500286322939",
"17687366975017735657591238761002032239",
"239581916029237176554430048550513987813",
"212174472147716699098750234530926059957"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2016-9572-31a54708"
},
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/bin/jp2/convert.c",
"function": "imagetopnm"
},
"signature_version": "v1",
"digest": {
"length": 5536.0,
"function_hash": "253581360288918369994768571986053002378"
},
"signature_type": "Function",
"id": "CVE-2016-9572-524a6142"
},
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/lib/openjp2/j2k.c",
"function": "opj_j2k_decode"
},
"signature_version": "v1",
"digest": {
"length": 1055.0,
"function_hash": "33275239114353805521079340080330716201"
},
"signature_type": "Function",
"id": "CVE-2016-9572-5e356f67"
},
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/bin/jp2/convert.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"80315732206355359049050769247888656091",
"183763278690463407009818878414944039954",
"62822351838568414076055483728315566222",
"122396704176018901594857699730273313546",
"262148574508447972117312429828193579183",
"136706975510943855203607052440698341936",
"193612096258726163727787347278234715483",
"47142360348409988863822996383906422293",
"52030118202603584211358048115811922219",
"190010574521500998074619833611306749941",
"111072910875417164785446644371401396370",
"153462369694004413846611341277916680725",
"257103834486202656738728233321824753304",
"72036359385383864535123877284098252703",
"203186649364705011118148340480887803902",
"339167995955655546575847274629792267207",
"161714677321586967482788935172220399570",
"190119430394339295500259979754348457523",
"36021345366885397673199063209432470823",
"12763122897174111320792906513163393472",
"139120114906283556372762204524320099530",
"230096631979752056642068377261925875985",
"308383285384679798260528084732020131797",
"91461493161587018849829739536973344207",
"242775405494858142976238549683244043885",
"284902547186276625068125661054229431110",
"265140894365009529774366330508618613646"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2016-9572-619e62ee"
},
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/lib/openjp2/j2k.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"135871134447234627874245013138127965852",
"308005561986685042015028372656817408867",
"109625809900293282610397426434514288476",
"324530319344996584960719067886783000030",
"82526264930603096558269276368594977261",
"245830637960672274992287612575021189575",
"301571008654756861986195373651121103945",
"160900890564292618354247114135242261711",
"207179950201084715599855631176457646366",
"315164313095756400637091384970624751387",
"228743686273374863276121384749357185263",
"153686703996815414543249050234097436785",
"108237980005460661314357549048658353636",
"66907927412709611544060494845656412775",
"14182392715881408348973902011195640487"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2016-9572-9f24bb02"
},
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/bin/jp2/convert.c",
"function": "imagetotga"
},
"signature_version": "v1",
"digest": {
"length": 2903.0,
"function_hash": "10145319696166922982477300412952557678"
},
"signature_type": "Function",
"id": "CVE-2016-9572-bbff2600"
},
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/bin/jp2/convert.c",
"function": "imagetoraw_common"
},
"signature_version": "v1",
"digest": {
"length": 3477.0,
"function_hash": "273635315231797665313944944891916635209"
},
"signature_type": "Function",
"id": "CVE-2016-9572-c03ddbc6"
},
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/bin/jp2/convertbmp.c",
"function": "imagetobmp"
},
"signature_version": "v1",
"digest": {
"length": 8515.0,
"function_hash": "275523838856146161356127068872183091878"
},
"signature_type": "Function",
"id": "CVE-2016-9572-c0ed7cde"
},
{
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"deprecated": false,
"target": {
"file": "src/lib/openjp2/j2k.c",
"function": "opj_j2k_read_siz"
},
"signature_version": "v1",
"digest": {
"length": 10011.0,
"function_hash": "63313544961116613434530705982078774213"
},
"signature_type": "Function",
"id": "CVE-2016-9572-d0d1abc4"
}
]
}