CVE-2016-9573

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2ktoimage tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "7.3"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "7.4"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.3"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.4"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.5"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"
        }
    ]
}

References

Affected packages

Git / github.com/szukw000/openjpeg

Affected ranges

Type

GIT

Repo

https://github.com/szukw000/openjpeg

Events

Introduced

Fixed

7b28bd2b723df6be09fe7791eba33147c1c47d0d

Database specific

{
    "source": "REFERENCES"
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9573.json"

Git / github.com/uclouvain/openjpeg

Affected ranges

Type

GIT

Repo

https://github.com/uclouvain/openjpeg

Events

Introduced

Last affected

1f1e968269bbd7eaade7955892a6d8c281b91df2

Database specific

{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.2"
        }
    ]
}

Affected versions

v2.*

v2.1.1

v2.1.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9573.json"