7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
71.8%
There is a NULL Pointer Access in function imagetopnm of
convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not
assigned a value after initialization(NULL). Impact is Denial of Service.
Author | Note |
---|---|
ccdm94 | According to comments in issue 863 (related to CVE-2016-9572), https://github.com/uclouvain/openjpeg/issues/863#issuecomment-258071962 to be more specific, and the changes in commit 2fa0fc61f2d, which fixes 862, it seems like this issue might be fixed by commit 2fa0fc61f2d (this commit, however, seems to be incomplete, and this is fixed by additionally adding 784d4d47e97). |
eslerm | in addition to 2fa0fc6 and 784d4d4, c22cbd8 and 00f4568 was applied to this set of CVEs note that 00f4568 is part of 0394f8d |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
71.8%