CVE-2016-9675
openjpeg: incorrect fix for CVE-2013-6045
Severity Score
Exploit Likelihood
Affected Versions
11Public Exploits
0Exploited in Wild
-Decision
Descriptions
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
openjpeg: Se ha descubierto un fallo de desbordamiento de búfer basado en memoria dinámica en el parche para CVE-2013-6045. Una imagen j2k manipulada puede provocar la caída de la aplicación, o potencialmente ejecutar código arbitrario.
A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or possible code execution.
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-29 CVE Reserved
- 2016-12-22 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-securit... | Mailing List |
|
| http://www.securityfocus.com/bid/94589 | Third Party Advisory |
| URL | Date | SRC |
|---|