CVE-2016-9580

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-9580

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9580.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-9580

Downstream

DEBIAN-CVE-2016-9580

ECHO-4a9c-630d-cc06

SUSE-SU-2016:3270-1

UBUNTU-CVE-2016-9580

openSUSE-SU-2017:2567-1

Related

Published

2018-08-01T16:29:00Z

Modified

2025-09-16T06:36:01.110164Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

References

Affected packages

Alpine:v3.10

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.11

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.12

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.13

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.14

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.15

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.16

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.17

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.18

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.19

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.2

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.2-r0

Alpine:v3.20

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.21

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.22

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.3

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.2-r0

Alpine:v3.4

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.2-r0

Alpine:v3.5

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.6

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.7

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.8

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Alpine:v3.9

openjpeg

Package

Name: openjpeg
Purl: pkg:apk/alpine/openjpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-r1

Affected versions

1.*

1.3-r0

1.3-r1

1.5.0-r1

1.5.0-r2

1.5.1-r0

1.5.1-r1

2.*

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.1.1-r1

2.1.2-r0

Debian:11

openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/debian/openjpeg2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.0-3

2.4.0-3+deb11u1

2.4.0-4

2.4.0-5

2.4.0-6

2.5.0-1

2.5.0-2~hurd.1

2.5.0-2

2.5.3-1~exp1

2.5.3-1~exp2

2.5.3-1

2.5.3-2

2.5.3-2.1~deb13u1

2.5.3-2.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12

openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/debian/openjpeg2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.5.0-2

2.5.0-2+deb12u1

2.5.0-2+deb12u2

2.5.3-1~exp1

2.5.3-1~exp2

2.5.3-1

2.5.3-2

2.5.3-2.1~deb13u1

2.5.3-2.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13

openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/debian/openjpeg2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.5.3-2

2.5.3-2.1~deb13u1

2.5.3-2.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14

openjpeg2

Package

Name: openjpeg2
Purl: pkg:deb/debian/openjpeg2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.5.3-2

2.5.3-2.1~deb13u1

2.5.3-2.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git

github.com/szukw000/openjpeg

Affected ranges

Type: GIT
Repo: https://github.com/szukw000/openjpeg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cadff5fb6e73398de26a92e96d3d7cac893af255

Type: GIT
Repo: https://github.com/uclouvain/openjpeg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1f1e968269bbd7eaade7955892a6d8c281b91df2

Affected versions

v2.*

v2.1.1

v2.1.2

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255",
            "signature_type": "Function",
            "target": {
                "file": "src/bin/jp2/converttif.c",
                "function": "tiftoimage"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "317079937281538815993112337419609533839",
                "length": 5013.0
            },
            "id": "CVE-2016-9580-3e1a0616"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255",
            "signature_type": "Function",
            "target": {
                "file": "src/bin/jp2/converttif.c",
                "function": "imagetotif"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "75384168179758307215913958996022469404",
                "length": 3855.0
            },
            "id": "CVE-2016-9580-acf3a211"
        },
        {
            "source": "https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255",
            "signature_type": "Line",
            "target": {
                "file": "src/bin/jp2/converttif.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "238251877731424898360099149325795582835",
                    "197265446377938595666886952516892763767",
                    "231897807650322997766719769940655117332",
                    "46026957450599929363219663079595681179",
                    "311395755534264161389688128137172159142",
                    "287025139395140735473875559373979026902",
                    "163708784233692179344514772890253843907",
                    "174394106705740669988334235228898379715",
                    "112977614278753944548917320986734595333",
                    "216215757886127372503793395833160486186",
                    "52956107098617001474185733941808167308",
                    "226490392422113580764943695050908180322",
                    "68251431459225111492233278918907325891",
                    "88402480827415101358446242395678299901",
                    "57511202523510630377416362634050980324",
                    "271517793718126932008919045424270685529",
                    "44289391948148806721683921220014783805",
                    "63228192074795279672317078141867677346",
                    "306998765449402132938911944603080210317",
                    "57056431648448895288047214121758094634",
                    "305177801564511599964035150970109040706",
                    "249894557450947605959136673462385149407",
                    "243451862713267555041185259141479305324",
                    "263418030796441589817261806907133602175",
                    "302052312557754129217744913296048814044",
                    "207168910225244010190480303672861772843",
                    "204950336797483910918268556699852002237",
                    "208327993978669144734939914322983518262",
                    "41952327641609555481277459676053322127",
                    "133112681564969175736499613024689407890",
                    "279499365524215107574481286949427747206",
                    "8091855587916317323809765056560585129",
                    "327438470370225769566419193778830375383",
                    "121294373205656260976095686952599107832",
                    "127628223134022226494381666690377763674",
                    "339470260250223655143201922301264494152",
                    "278367631218164331073167236722515446561",
                    "204577633356994884287924183343112230995",
                    "305387765995264470560572254493287819997",
                    "64901618391428631001062071617813723061",
                    "130087077414184990532502352947913458647",
                    "108748089868427517788677796051087955823",
                    "228056953512845786329174973548912492449",
                    "275231041057549739619116012639222351357",
                    "338565406206651071551959703058313633867",
                    "254922792106624874091106362280507660488",
                    "210112654939829488635626204299553525100",
                    "187886059695661737955238549441264359169",
                    "82166475026064775320431453907857042940",
                    "137389786316366403191170290358783525241",
                    "204729672608728106680496468166381376441",
                    "44014042099759508069331870500031756789",
                    "198017367191545786793345849381346046192",
                    "332499970396210863914541693348887415355",
                    "178746871428224665192848465778499736752",
                    "295330115883972837477730493790859904132",
                    "20221228619878862484648133719220307905",
                    "196632802611279338227274660940529882617",
                    "121177886584432295194060345178166487524",
                    "156200397480406555095600739821597568339",
                    "34844331068809100361556350160787722059",
                    "131476609723145445967739509907806257384",
                    "71455610642043398730078608473495807751",
                    "89037990163066950939397904101194689951",
                    "121177886584432295194060345178166487524",
                    "147820804959590508391972385759264388426",
                    "179461894082822844634571947376839006765",
                    "146644741593593236475723479522273282345",
                    "160911922676307836748283754410090817347",
                    "11797935973338244895338916617776622761",
                    "242993353135045960020007416443997953249",
                    "330000044493025776827744573939296160474",
                    "155064273055860644843933824621438814414",
                    "147153693768433285864003695230737047063",
                    "179408693680712458383580002999886193011",
                    "90309476032737987684091763031237518799",
                    "9314387211290534474686768928295629214",
                    "136698224535132741255390701462499657190",
                    "22691584782711891470748708663667755933",
                    "82182639238719141866045550649246790827",
                    "255971524585472517499306207424556872877",
                    "304521574039157984776507966929954957970",
                    "217786467542040064467207564438013965342",
                    "314803040081758730856678673896220052422",
                    "281993717603906591678918148713045022094",
                    "68732630068329377203846609269104985109",
                    "166832330700379666654507127329549538267",
                    "156182393910715867198218714394530679525",
                    "48453218537741827860388014654597181390",
                    "238355313059114426214444728499710981814",
                    "253578594366493850982725911787475215953",
                    "39295935496708815665124362321498415007",
                    "90426680968513001199522893460523338272",
                    "124506355986071723030130537400901874943",
                    "299778744362598592042556946575802184496",
                    "245479153847407873488294645838444922949",
                    "140077947741031022136714419456646420147",
                    "247874467927523006774134427636131375357",
                    "200412056641650269760954095114482322873",
                    "177577647566967564904524181246737550480"
                ]
            },
            "id": "CVE-2016-9580-bbdfaf7c"
        }
    ]
}