CVE-2016-10506

Published: 30 August 2017

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

From the Ubuntu security team

It was discovered that OpenJPEG incorrectly handled certain j2k files. A remote attacker could possibly use this issue to cause a denial of service.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: openjpeg2 (Launchpad, Ubuntu, Debian)

| Release | Status |
|---|---|
| Upstream | Released (2.2.0) |
| Ubuntu 20.10 (Groovy Gorilla) | Not vulnerable (2.2.0-1) |
| Ubuntu 20.04 LTS (Focal Fossa) | Not vulnerable (2.2.0-1) |
| Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (2.2.0-1) |
| Ubuntu 16.04 LTS (Xenial Xerus) | Needed |
| Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| Ubuntu 12.04 ESM (Precise Pangolin) | Does not exist |

Patches:
Other: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b