CVE-2016-10506

Published: 30 August 2017

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

From the Ubuntu security team

It was discovered that OpenJPEG incorrectly handled certain j2k files. A remote attacker could possibly use this issue to cause a denial of service.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
ghostscript Launchpad, Ubuntu, Debian	Upstream	Needs triage
	Ubuntu 21.04 (Hirsute Hippo)	Not vulnerable (uses system openjpeg2)
	Ubuntu 20.10 (Groovy Gorilla)	Not vulnerable (uses system openjpeg2)
	Ubuntu 20.04 LTS (Focal Fossa)	Not vulnerable (uses system openjpeg2)
	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (9.26~dfsg+0-0ubuntu0.18.04.13)
	Ubuntu 16.04 LTS (Xenial Xerus)	Not vulnerable (9.26~dfsg+0-0ubuntu0.16.04.13)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
openjpeg Launchpad, Ubuntu, Debian	Upstream	Needs triage
	Ubuntu 21.04 (Hirsute Hippo)	Does not exist
	Ubuntu 20.10 (Groovy Gorilla)	Does not exist
	Ubuntu 20.04 LTS (Focal Fossa)	Does not exist
	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Needs triage
	Ubuntu 14.04 ESM (Trusty Tahr)	Needs triage
openjpeg2 Launchpad, Ubuntu, Debian	Upstream	Released (2.2.0)
	Ubuntu 21.04 (Hirsute Hippo)	Not vulnerable (2.2.0-1)
	Ubuntu 20.10 (Groovy Gorilla)	Not vulnerable (2.2.0-1)
	Ubuntu 20.04 LTS (Focal Fossa)	Not vulnerable (2.2.0-1)
	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (2.2.0-1)
	Ubuntu 16.04 LTS (Xenial Xerus)	Needed
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
	Patches: Other: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b

CVE-2016-10506

From the Ubuntu security team

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading