CVE-2016-7445
Published: 3 October 2016
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
Notes
Author | Note |
---|---|
ccdm94 | It seems like the official patch for this issue is the one in commit f053508f6; however, in openjpeg, xenial seems to not be vulnerable because another patch has been applied to it, the one available at https://github.com/uclouvain/openjpeg/files/478630/openjpeg-nullptr-github-issue-842.ppm-dif.txt. |
Priority
Status
Package | Release | Status |
---|---|---|
openjpeg2 | artful | Ignored (end of life) |
openjpeg2 | kinetic | Not vulnerable (2.1.2-1) |
openjpeg2 | lunar | Not vulnerable (2.1.2-1) |
openjpeg2 | bionic | Not vulnerable (2.1.2-1) |
openjpeg2 | focal | Not vulnerable (2.1.2-1) |
openjpeg2 | jammy | Not vulnerable (2.1.2-1) |
openjpeg2 | precise | Does not exist |
openjpeg2 | trusty | Does not exist |
openjpeg2 | upstream | Released (2.1.2) |
openjpeg2 | xenial | Released (2.1.2-1.1+deb9u2build0.1) |
openjpeg2 | yakkety | Ignored (end of life) |
openjpeg2 | zesty | Ignored (end of life) |
openjpeg2 | mantic | Not vulnerable (2.1.2-1) |

Patches (openjpeg2):
upstream: https://github.com/uclouvain/openjpeg/commit/f053508f6fc26aa95839f747bc7cbf257bd43996
other: https://github.com/uclouvain/openjpeg/files/478630/openjpeg-nullptr-github-issue-842.ppm-dif.txt

Package | Release | Status |
---|---|---|
openjpeg | bionic | Does not exist |
openjpeg | focal | Does not exist |
openjpeg | kinetic | Does not exist |
openjpeg | lunar | Does not exist |
openjpeg | groovy | Does not exist |
openjpeg | hirsute | Does not exist |
openjpeg | impish | Does not exist |
openjpeg | jammy | Does not exist |
openjpeg | trusty | Needed |
openjpeg | upstream | Released (2.1.2) |
openjpeg | xenial | Released (1:1.5.2-3.1ubuntu0.1~esm2), available with Ubuntu Pro |
openjpeg | mantic | Does not exist |

Patches (openjpeg):
upstream: https://github.com/uclouvain/openjpeg/commit/f053508f6fc26aa95839f747bc7cbf257bd43996
other: https://github.com/uclouvain/openjpeg/files/478630/openjpeg-nullptr-github-issue-842.ppm-dif.txt

Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |