CVE-2016-9581

2018-08-0100:00:00

ubuntu.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON

An infinite loop vulnerability in tiftoimage that results in heap buffer
overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

Notes

Author	Note
ccdm94	It seems like commit a817832c223 (szukw000:AFL_PATCH_0) was the final commit created by a contributor in order to fix this issue. This commit contains the changes in commit cadff5fb6e7 (szukw000:ISSUE-871-872) which originally attempts to fix this issue. Commit a817832c223 (pull request 895 for more information) contains the changes in commit cadff5fb6e7, which fixes more than just this issue. Commit a817832c223 was never merged, however, and instead, was broken down into various other commits by upstream, and those were merged instead. These commits are the following: 178194c0934, 6c4e5bacb9d, 820fcfe8bb1, e03e9474667, c5bf5ef4d65 and 16aeb9282f6, which are all referenced in pull request 895 (not merged, but the previously mentioned commits reference this PR and therefore their links can be accessed through it). Parts of commit a817832c223 have also been refactored and added to commit 0394f8d0f1c, which was actually merged. This commit might also contain changes which contribute to fixing this issue. However, do note that this last commit introduced regressions, and further changes had to be made in order to fix those. More can be seen in pull request 975. The patches that fix this issue are also related to CVE-2016-9572.

Author

Note

ccdm94

It seems like commit a817832c223 (szukw000:AFL_PATCH_0) was the final commit created by a contributor in order to fix this issue. This commit contains the changes in commit cadff5fb6e7 (szukw000:ISSUE-871-872) which originally attempts to fix this issue. Commit a817832c223 (pull request 895 for more information) contains the changes in commit cadff5fb6e7, which fixes more than just this issue. Commit a817832c223 was never merged, however, and instead, was broken down into various other commits by upstream, and those were merged instead. These commits are the following: 178194c0934, 6c4e5bacb9d, 820fcfe8bb1, e03e9474667, c5bf5ef4d65 and 16aeb9282f6, which are all referenced in pull request 895 (not merged, but the previously mentioned commits reference this PR and therefore their links can be accessed through it). Parts of commit a817832c223 have also been refactored and added to commit 0394f8d0f1c, which was actually merged. This commit might also contain changes which contribute to fixing this issue. However, do note that this last commit introduced regressions, and further changes had to be made in order to fix those. More can be seen in pull request 975. The patches that fix this issue are also related to CVE-2016-9572.