Metric | Value |
---|---|
CVSS3 | 6.5 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |

Metric | Value |
---|---|
CVSS2 | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |

Metric | Value |
---|---|
EPSS | 0.006 Low |
Percentile | 77.8% |

NULL pointer dereference vulnerabilities in the imagetopnm function in
convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function
in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0
allow remote attackers to cause a denial of service (application crash) via
crafted j2k files.
Author | Note |
---|---|
emitorino | Ran the PoCs attached to the 4 issues in xenial and could not reproduce it |

github.com/uclouvain/openjpeg/issues/776
github.com/uclouvain/openjpeg/issues/784
github.com/uclouvain/openjpeg/issues/785
github.com/uclouvain/openjpeg/issues/792
launchpad.net/bugs/cve/CVE-2016-10505
nvd.nist.gov/vuln/detail/CVE-2016-10505
raw.githubusercontent.com/trylab/PoCs/master/openjpeg/SIGSEGV_Null-Pointer-Access_imagetopnm/poc.j2k
security-tracker.debian.org/tracker/CVE-2016-10505
www.cve.org/CVERecord?id=CVE-2016-10505