CVE-2016-9572
Published: 1 August 2018
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
Notes
Author | Note |
---|---|
ccdm94 |
It seems like commit a817832c223 (szukw000:AFL_PATCH_0) was the final commit created by a contributor in order to fix this issue. This commit contains the changes in commit 7b28bd2b723 (szukw000:863-862) which originally attempts to fix this issue. Commit a817832c223 (pull request 895 for more information) contains the changes in commit 7b28bd2b723, which fixes more than just this issue. Commit a817832c223 was never merged, however, and instead, was broken down into various other commits by upstream, and those were merged instead. These commits are the following: 178194c0934, 6c4e5bacb9d, 820fcfe8bb1, e03e9474667, c5bf5ef4d65 and 16aeb9282f6, which are all referenced in pull request 895 (not merged, but the previously mentioned commits reference this PR and therefore their links can be accessed through it). Parts of commit a817832c223 have also been refactored and added to commit 0394f8d0f1c, which was actually merged. This commit might also contain changes which contribute to fixing this issue. However, do note that this last commit introduced regressions, and further changes had to be made in order to fix those. More can be seen in pull request 975. The patches that fix this issue are also related to CVE-2016-9580 and CVE-2016-9581. |
eslerm |
a non-upstream patch had previously been applied to openjpeg2 |
eslerm |
CVE-2016-{9572,9580,9581} use the same patch set CVE-2016-911{3..8} apply merge 0394f8d and commited afterwards |
Priority
Status
Package | Release | Status |
---|---|---|
openjpeg
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Ignored
(changes too intrusive)
|
|
upstream |
Released
(2.2.0)
|
|
xenial |
Ignored
(changes too intrusive)
|
|
Patches:
upstream: https://github.com/uclouvain/openjpeg/commit/178194c093422c9564efc41f9ecb5c630b43f723 upstream: https://github.com/uclouvain/openjpeg/commit/6c4e5bacb9d9791fc6ff074bd7958b3820d70514 upstream: https://github.com/uclouvain/openjpeg/commit/820fcfe8bb101a2862c076b02c9b6b636ce39d2f upstream: https://github.com/uclouvain/openjpeg/commit/e03e9474667e5117341351699f0b1dbb06f93346 upstream: https://github.com/uclouvain/openjpeg/commit/c5bf5ef4d6552e9159aaad29cb27826acd1a3389 upstream: https://github.com/uclouvain/openjpeg/commit/16aeb9282f6b3877aa8365c461ba8d3d1338adae |
||
openjpeg2
Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(2.3.0-1)
|
|
focal |
Not vulnerable
(2.3.1-1ubuntu4)
|
|
jammy |
Not vulnerable
(2.4.0-6)
|
|
kinetic |
Not vulnerable
(2.5.0-1)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.2.0, 2.1.2-1.1)
|
|
xenial |
Released
(2.1.2-1.1+deb9u2build0.1)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
Patches:
other: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |