CVE-2016-9114
https://notcve.org/view.php?id=CVE-2016-9114
There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. Hay un acceso a puntero NULL en la función imagetopnm de convert.c:1943(jp2) de OpenJPEG 2.1.2. image->comps[compno].data no se asigna un valor después de la inicialización (NULL). El impacto es de denegación de servicio. • http://www.securityfocus.com/bid/93979 https://github.com/uclouvain/openjpeg/issues/857 https://security.gentoo.org/glsa/201710-26 • CWE-476: NULL Pointer Dereference •
CVE-2016-9115
https://notcve.org/view.php?id=CVE-2016-9115
Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. Sobre lectura de búfer basado en memoria dinámica en la función imagetotga de convert.c(jp2):942 en OpenJPEG 2.1.2. El impacto es de denegación de servicio. • http://www.securityfocus.com/bid/93977 https://github.com/uclouvain/openjpeg/issues/858 https://security.gentoo.org/glsa/201710-26 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-9118
https://notcve.org/view.php?id=CVE-2016-9118
Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. Desbordamiento de búfer basado en memoria dinámica (WRITE de tamaño 4) en la función pnmtoimage de convert.c:1719 en OpenJPEG 2.1.2. • http://www.debian.org/security/2017/dsa-4013 http://www.securityfocus.com/bid/93976 https://github.com/uclouvain/openjpeg/issues/861 https://security.gentoo.org/glsa/201710-26 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-9112
https://notcve.org/view.php?id=CVE-2016-9112
Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. Floating Point Exception (también conocido como FPE o dividir entre cero) en la función opj_pi_next_cprl en openjp2/pi.c:523 en OpenJPEG 2.1.2. • http://www.securityfocus.com/bid/93978 https://github.com/uclouvain/openjpeg/issues/855 https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html https://security.gentoo.org/glsa/201710-26 https://www.oracle.com/security-alerts/cpujul2020.html • CWE-369: Divide By Zero •
CVE-2016-7163 – openjpeg: Integer overflow in opj_pi_create_decode
https://notcve.org/view.php?id=CVE-2016-7163
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Desbordamiento de entero en la función opj_pi_create_decode en pi.c en OpenJPEG permite a atacantes remotos ejecutar código arbitrario a través de un archivo JP2 manipulado, lo que desencadena una lectura o escritura fuera de límites. An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG. An attacker could create a crafted JPEG2000 image that, when loaded by an application using openjpeg, could lead to a crash or, potentially, code execution. • http://rhn.redhat.com/errata/RHSA-2017-0559.html http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.debian.org/security/2016/dsa-3665 http://www.openwall.com/lists/oss-security/2016/09/08/3 http://www.openwall.com/lists/oss-security/2016/09/08/6 http://www.securityfocus.com/bid/92897 https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4 https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24 https://github.com/uclouvain • CWE-190: Integer Overflow or Wraparound •