CVE-2016-3182

Published: 20 February 2020

The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
openjpeg2 Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (code not present)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3182
http://www.openwall.com/lists/oss-security/2016/03/14/13
NVD
Launchpad
Debian

Bugs

https://github.com/uclouvain/openjpeg/issues/725
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818399

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›