CVE-2016-7163

Published: 21 September 2016

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

Notes

| Author | Note |
|--------|------|
| ccdm94 | vulnerable code introduced by commit b551844cc24. |

Priority

Medium

CVSS 3 Severity Score

7.8

Status

Package: openjpeg (Launchpad, Ubuntu, Debian)

| Release  | Status                            |
|----------|-----------------------------------|
| artful   | Does not exist                    |
| bionic   | Does not exist                    |
| cosmic   | Does not exist                    |
| disco    | Does not exist                    |
| eoan     | Does not exist                    |
| precise  | Ignored (end of life)             |
| trusty   | Not vulnerable (code not present) |
| xenial   | Not vulnerable (code not present) |
| yakkety  | Ignored (end of life)             |
| zesty    | Does not exist                    |
| upstream | Released (2.1.2)                  |

Patches:
upstream: https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4
upstream: https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24

Package: openjpeg2 (Launchpad, Ubuntu, Debian)

| Release  | Status                        |
|----------|-------------------------------|
| artful   | Released (2.1.1-1ubuntu0.1)   |
| bionic   | Released (2.1.1-1ubuntu0.1)   |
| cosmic   | Released (2.1.1-1ubuntu0.1)   |
| disco    | Released (2.1.1-1ubuntu0.1)   |
| eoan     | Released (2.1.1-1ubuntu0.1)   |
| precise  | Does not exist                |
| trusty   | Does not exist                |
| xenial   | Released (2.1.0-2.1ubuntu0.1) |
| yakkety  | Released (2.1.1-1ubuntu0.1)   |
| zesty    | Released (2.1.1-1ubuntu0.1)   |
| upstream | Released (2.1.2)              |

Patches:
upstream: https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4
upstream: https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24

Severity score breakdown

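| Parameter           | Value                                        |
|---------------------|----------------------------------------------|
| Base score          | 7.8                                          |
| Attack vector       | Local                                        |
| Attack complexity   | Low                                          |
| Privileges required | None                                         |
| User interaction    | Required                                     |
| Scope               | Unchanged                                    |
| Confidentiality     | High                                         |
| Integrity impact    | High                                         |
| Availability impact | High                                         |
| Vector              | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |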