Vulnerability Description
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Uclouvain | Openjpeg | < 1.5.2 |
| Redhat | Enterprise Linux | 6.0 |
| Redhat | Enterprise Linux For Ibm Z Systems | 6.0 |
| Redhat | Enterprise Linux For Power Big Endian | 6.0 |
| Redhat | Enterprise Linux For Scientific Computing | 6.0 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2017-0559.html (Patch, Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2017-0838.html (Patch, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2016/11/29/7 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/94589 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2016-9675?
CVE-2016-9675 is a vulnerability with a CVSS score of 7.8 (HIGH). openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
How severe is CVE-2016-9675?
CVE-2016-9675 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-9675?
Check the references section above for vendor advisories and patch information. Affected products include: Uclouvain Openjpeg, Redhat Enterprise Linux, Redhat Enterprise Linux For Ibm Z Systems, Redhat Enterprise Linux For Power Big Endian, Redhat Enterprise Linux For Scientific Computing.