Vulnerabilities > CVE-2016-9573 - Out-of-bounds Read vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2016-89EE54C661.NASL description This update fixes CVE-2016-9580 and CVE-2016-9581. ---- This update adds a patch to fix CVE-2016-9573 and CVE-2016-9572. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-01-03 plugin id 96211 published 2017-01-03 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96211 title Fedora 25 : mingw-openjpeg2 (2016-89ee54c661) NASL family Fedora Local Security Checks NASL id FEDORA_2016-FC8577BF00.NASL description This updates adds a patch to fix CVE-2016-9573 and CVE-2016-9572. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-12-12 plugin id 95692 published 2016-12-12 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95692 title Fedora 25 : openjpeg2 (2016-fc8577bf00) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3768.NASL description Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed. last seen 2020-06-01 modified 2020-06-02 plugin id 96667 published 2017-01-23 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96667 title Debian DSA-3768-1 : openjpeg2 - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-3270-1.NASL description This update for openjpeg2 fixes the following issues : - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 96147 published 2016-12-27 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96147 title SUSE SLED12 / SLES12 Security Update : openjpeg2 (SUSE-SU-2016:3270-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1060.NASL description According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) - An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) - A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-10 modified 2017-05-01 plugin id 99905 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99905 title EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2017-1060) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2017-279-02.NASL description New openjpeg packages are available for Slackware 14.2 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103704 published 2017-10-09 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103704 title Slackware 14.2 / current : openjpeg (SSA:2017-279-02) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-0838.NASL description From Red Hat Security Advisory 2017:0838 : An update for openjpeg is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) * A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). last seen 2020-06-01 modified 2020-06-02 plugin id 97907 published 2017-03-23 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97907 title Oracle Linux 7 : openjpeg (ELSA-2017-0838) NASL family Fedora Local Security Checks NASL id FEDORA_2016-0B80DCFE5A.NASL description This updates adds a patch to fix CVE-2016-9573 and CVE-2016-9572. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-12-12 plugin id 95669 published 2016-12-12 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95669 title Fedora 24 : openjpeg2 (2016-0b80dcfe5a) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1088.NASL description According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) - An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) - A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-03 modified 2017-06-09 plugin id 100683 published 2017-06-09 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100683 title EulerOS 2.0 SP1 : openjpeg (EulerOS-SA-2017-1088) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-0838.NASL description An update for openjpeg is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) * A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). last seen 2020-06-01 modified 2020-06-02 plugin id 99041 published 2017-03-30 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99041 title CentOS 7 : openjpeg (CESA-2017:0838) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2017-0838.NASL description An update for openjpeg is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) * A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-10 modified 2017-07-13 plugin id 101442 published 2017-07-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101442 title Virtuozzo 7 : openjpeg / openjpeg-devel / openjpeg-libs (VZLSA-2017-0838) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-120.NASL description This update for openjpeg2 fixes the following issues : - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817] - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] last seen 2020-06-05 modified 2017-01-20 plugin id 96646 published 2017-01-20 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96646 title openSUSE Security Update : openjpeg2 (openSUSE-2017-120) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-101.NASL description This update for openjpeg2 fixes the following issues : - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817] This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-05 modified 2017-01-18 plugin id 96577 published 2017-01-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96577 title openSUSE Security Update : openjpeg2 (openSUSE-2017-101) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201710-26.NASL description The remote host is affected by the vulnerability described in GLSA-201710-26 (OpenJPEG: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenJPEG. Please review the references below for details. Impact : A remote attacker, via a crafted BMP, PDF, or j2k document, could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 104069 published 2017-10-23 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104069 title GLSA-201710-26 : OpenJPEG: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2016-52A1B18397.NASL description This update fixes CVE-2016-9580 and CVE-2016-9581. ---- This update adds a patch to fix CVE-2016-9573 and CVE-2016-9572. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-01-03 plugin id 96202 published 2017-01-03 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96202 title Fedora 24 : mingw-openjpeg2 (2016-52a1b18397) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-108.NASL description This update for openjpeg2 fixes the following issues : - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817] - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] last seen 2020-06-05 modified 2017-01-18 plugin id 96580 published 2017-01-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96580 title openSUSE Security Update : openjpeg2 (openSUSE-2017-108) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-0838.NASL description An update for openjpeg is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) * A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). last seen 2020-06-01 modified 2020-06-02 plugin id 97911 published 2017-03-23 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97911 title RHEL 7 : openjpeg (RHSA-2017:0838) NASL family Scientific Linux Local Security Checks NASL id SL_20170322_OPENJPEG_ON_SL7_X.NASL description Security Fix(es) : - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) - An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) - A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) last seen 2020-03-18 modified 2017-03-24 plugin id 97935 published 2017-03-24 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97935 title Scientific Linux Security Update : openjpeg on SL7.x x86_64 (20170322)
Redhat
| advisories |
| ||||
| rpms |
|
References
- https://github.com/uclouvain/openjpeg/issues/862
- https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573
- https://www.debian.org/security/2017/dsa-3768
- https://security.gentoo.org/glsa/201710-26
- http://www.securityfocus.com/bid/97073
- http://rhn.redhat.com/errata/RHSA-2017-0838.html