CVE-2016-9113
Published: 30 October 2016
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
Notes
| Author | Note |
|---|---|
| ccdm94 | Pull request 895 seems to be an initial attempt to fix this issue. However, pull request 895 was never merged, and instead, five issues which did not include issue 856 were fixed by various commits created by upstream (these can be seen in PR 895) which utilized part of what was being proposed in 895 by an openjpeg contributor. The changes proposed in 895 that were not added by the upstream commits previously mentioned were added to a new pull request, 975, which attempts to fix various issues. Looking at comments in issue 863 it was possible to verify that the fix for CVE-2016-9114 is possibly commit 2fa0fc61f2d (see CVE-2016-9114 for more details). This CVE mentions a vulnerability similar to the one we have here in CVE-2016-9113. Therefore, looking at the patch for CVE-2016-9114 and looking at the changes proposed by PR 975, it seems like the changes in this PR aim to address CVE-2016-9113 in a way similar to the one used to address CVE-2016-9114. PR 975 was merged, however, it introduced regressions. See PR in order to verify changes made after it was merged in order to fix introduced regressions if adding patch. |
| eslerm | this set of CVEs was patched with 2fa0fc6, 784d4d4, c22cbd8, and 00f4568 note that 00f4568 is part of 0394f8d |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ghostscript Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not compiled)
|
| focal |
Not vulnerable
(uses system openjpeg2)
|
|
| groovy |
Not vulnerable
(uses system openjpeg2)
|
|
| hirsute |
Not vulnerable
(uses system openjpeg2)
|
|
| impish |
Not vulnerable
(uses system openjpeg2)
|
|
| jammy |
Not vulnerable
(uses system openjpeg2)
|
|
| kinetic |
Not vulnerable
(uses system openjpeg2)
|
|
| lunar |
Not vulnerable
(uses system openjpeg2)
|
|
| mantic |
Not vulnerable
(uses system openjpeg2)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not compiled)
|
|
|
openjpeg Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Ignored
(changes too intrusive)
|
|
| upstream |
Released
(2.2.0)
|
|
| xenial |
Ignored
(changes too intrusive)
|
|
|
Patches: upstream: https://github.com/uclouvain/openjpeg/commit/0394f8d0f1c981e0bc587beddc14d1fb0b265b1b |
||
|
openjpeg2 Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Not vulnerable
(2.2.0-1)
|
|
| cosmic |
Not vulnerable
(2.2.0-1)
|
|
| disco |
Not vulnerable
(2.2.0-1)
|
|
| eoan |
Not vulnerable
(2.2.0-1)
|
|
| focal |
Not vulnerable
(2.2.0-1)
|
|
| groovy |
Not vulnerable
(2.2.0-1)
|
|
| hirsute |
Not vulnerable
(2.2.0-1)
|
|
| impish |
Not vulnerable
(2.2.0-1)
|
|
| jammy |
Not vulnerable
(2.2.0-1)
|
|
| kinetic |
Not vulnerable
(2.2.0-1)
|
|
| lunar |
Not vulnerable
(2.2.0-1)
|
|
| mantic |
Not vulnerable
(2.2.0-1)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.2.0)
|
|
| xenial |
Needed
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|
|
|
Patches: upstream: https://github.com/uclouvain/openjpeg/commit/0394f8d0f1c981e0bc587beddc14d1fb0b265b1b |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |