CVSS3: 8.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |

CVSS2: 5.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:N/A:P |

EPSS: 0.003 Low (Percentile: 70.0%)

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the
j2k_to_image tool. Converting a specially crafted JPEG2000 file to another
format could cause the application to crash or, potentially, disclose some
data from the heap.
Author | Note |
---|---|
ccdm94 | It seems like commit a817832c223 (szukw000:AFL_PATCH_0) was the final commit created by a contributor in order to fix this issue. This commit contains the changes in commit 7b28bd2b723 (szukw000:863-862) which originally attempts to fix this issue. Commit a817832c223 (pull request 895 for more information) contains the changes in commit 7b28bd2b723, which fixes more than just issues 862 and 863. This commit, however, was never merged and issue 892, related to this CVE, was instead fixed by another commit: 2fa0fc61f2d (which seems to have introduced a regression, fixed by 784d4d47e97). |
eslerm | upstream patches are also for issue 970 |
github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
github.com/uclouvain/openjpeg/issues/862
github.com/uclouvain/openjpeg/issues/970
launchpad.net/bugs/cve/CVE-2016-9573
nvd.nist.gov/vuln/detail/CVE-2016-9573
security-tracker.debian.org/tracker/CVE-2016-9573
www.cve.org/CVERecord?id=CVE-2016-9573