Vulnerability Description
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Uclouvain | Openjpeg | 2.1.2 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/109233
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572ExploitIssue TrackingPatch
- https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c4PatchThird Party Advisory
- https://github.com/uclouvain/openjpeg/issues/863ExploitThird Party Advisory
- https://security.gentoo.org/glsa/201710-26Third Party Advisory
- https://www.debian.org/security/2017/dsa-3768Third Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.securityfocus.com/bid/109233
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572ExploitIssue TrackingPatch
- https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c4PatchThird Party Advisory
- https://github.com/uclouvain/openjpeg/issues/863ExploitThird Party Advisory
- https://security.gentoo.org/glsa/201710-26Third Party Advisory
- https://www.debian.org/security/2017/dsa-3768Third Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
FAQ
What is CVE-2016-9572?
CVE-2016-9572 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjp...
How severe is CVE-2016-9572?
CVE-2016-9572 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9572?
Check the references section above for vendor advisories and patch information. Affected products include: Uclouvain Openjpeg, Debian Debian Linux.