CVE-2016-9573
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-9573
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9573.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-9573
- Downstream
- Related
- Published
- 2018-08-01T06:29:00Z
- Modified
- 2025-10-15T04:33:41Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2ktoimage tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
- References
-
- http://rhn.redhat.com/errata/RHSA-2017-0838.html
- http://www.securityfocus.com/bid/97073
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573
- https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
- https://github.com/uclouvain/openjpeg/issues/862
- https://security.gentoo.org/glsa/201710-26
- https://www.debian.org/security/2017/dsa-3768
Affected packages
Git / github.com/szukw000/openjpeg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/szukw000/openjpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/uclouvain/openjpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affected
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"function": "opj_j2k_get_tile",
"file": "src/lib/openjp2/j2k.c"
},
"digest": {
"function_hash": "193136940573119357836124800919983322157",
"length": 2850.0
},
"id": "CVE-2016-9573-22dc9f72"
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"function": "main",
"file": "src/bin/jp2/opj_decompress.c"
},
"digest": {
"function_hash": "297676261437184694016835715520667960776",
"length": 8298.0
},
"id": "CVE-2016-9573-238d320f"
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"file": "src/bin/jp2/convertbmp.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"318264711267618518751963823025624787858",
"255363180696734635951214510385402174049",
"309841295499363486108133483116972563936",
"14561951267035938107675197466098701316",
"15639637573197209635959170013101441935"
]
},
"id": "CVE-2016-9573-244fc7ff"
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"file": "src/bin/jp2/opj_decompress.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"228490326070881309985403427500286322939",
"17687366975017735657591238761002032239",
"239581916029237176554430048550513987813",
"212174472147716699098750234530926059957"
]
},
"id": "CVE-2016-9573-31a54708"
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"function": "imagetopnm",
"file": "src/bin/jp2/convert.c"
},
"digest": {
"function_hash": "253581360288918369994768571986053002378",
"length": 5536.0
},
"id": "CVE-2016-9573-524a6142"
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"function": "opj_j2k_decode",
"file": "src/lib/openjp2/j2k.c"
},
"digest": {
"function_hash": "33275239114353805521079340080330716201",
"length": 1055.0
},
"id": "CVE-2016-9573-5e356f67"
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"file": "src/bin/jp2/convert.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"80315732206355359049050769247888656091",
"183763278690463407009818878414944039954",
"62822351838568414076055483728315566222",
"122396704176018901594857699730273313546",
"262148574508447972117312429828193579183",
"136706975510943855203607052440698341936",
"193612096258726163727787347278234715483",
"47142360348409988863822996383906422293",
"52030118202603584211358048115811922219",
"190010574521500998074619833611306749941",
"111072910875417164785446644371401396370",
"153462369694004413846611341277916680725",
"257103834486202656738728233321824753304",
"72036359385383864535123877284098252703",
"203186649364705011118148340480887803902",
"339167995955655546575847274629792267207",
"161714677321586967482788935172220399570",
"190119430394339295500259979754348457523",
"36021345366885397673199063209432470823",
"12763122897174111320792906513163393472",
"139120114906283556372762204524320099530",
"230096631979752056642068377261925875985",
"308383285384679798260528084732020131797",
"91461493161587018849829739536973344207",
"242775405494858142976238549683244043885",
"284902547186276625068125661054229431110",
"265140894365009529774366330508618613646"
]
},
"id": "CVE-2016-9573-619e62ee"
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"file": "src/lib/openjp2/j2k.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"135871134447234627874245013138127965852",
"308005561986685042015028372656817408867",
"109625809900293282610397426434514288476",
"324530319344996584960719067886783000030",
"82526264930603096558269276368594977261",
"245830637960672274992287612575021189575",
"301571008654756861986195373651121103945",
"160900890564292618354247114135242261711",
"207179950201084715599855631176457646366",
"315164313095756400637091384970624751387",
"228743686273374863276121384749357185263",
"153686703996815414543249050234097436785",
"108237980005460661314357549048658353636",
"66907927412709611544060494845656412775",
"14182392715881408348973902011195640487"
]
},
"id": "CVE-2016-9573-9f24bb02"
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"function": "imagetotga",
"file": "src/bin/jp2/convert.c"
},
"digest": {
"function_hash": "10145319696166922982477300412952557678",
"length": 2903.0
},
"id": "CVE-2016-9573-bbff2600"
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"function": "imagetoraw_common",
"file": "src/bin/jp2/convert.c"
},
"digest": {
"function_hash": "273635315231797665313944944891916635209",
"length": 3477.0
},
"id": "CVE-2016-9573-c03ddbc6"
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"function": "imagetobmp",
"file": "src/bin/jp2/convertbmp.c"
},
"digest": {
"function_hash": "275523838856146161356127068872183091878",
"length": 8515.0
},
"id": "CVE-2016-9573-c0ed7cde"
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"signature_version": "v1",
"target": {
"function": "opj_j2k_read_siz",
"file": "src/lib/openjp2/j2k.c"
},
"digest": {
"function_hash": "63313544961116613434530705982078774213",
"length": 10011.0
},
"id": "CVE-2016-9573-d0d1abc4"
}
]