CVE-2016-7445

Опубликовано: 03 окт. 2016

Источник: debian

EPSS Низкий

Описание

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openjpeg2	fixed	2.1.2-1		package

Примечания

https://github.com/uclouvain/openjpeg/issues/843
PoC: https://github.com/STARLABSEC/pocs/raw/master/openjpeg-nullptr-github-issue-842.ppm
No code injection, function only exposed in the CLI tool

EPSS

Процентиль: 83%

0.02027

Низкий

Связанные уязвимости

CVE-2016-7445

CVSS3: 7.5

ubuntu

больше 9 лет назад

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

CVE-2016-7445

CVSS3: 7.5

nvd

больше 9 лет назад

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

openSUSE-SU-2016:2424-1

suse-cvrf

больше 9 лет назад

Security update for openjpeg

GHSA-vj8h-cvfh-v55g

CVSS3: 7.5

github

больше 3 лет назад

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

openSUSE-SU-2017:0207-1

suse-cvrf

около 9 лет назад

Security update for openjpeg2

EPSS

Процентиль: 83%

0.02027

Низкий