CVE-2016-9675

Опубликовано: 22 дек. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

Ссылки

http://rhn.redhat.com/errata/RHSA-2017-0559.html
Patch
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0838.html
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/29/7
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/94589
Third Party Advisory
VDB Entry
http://rhn.redhat.com/errata/RHSA-2017-0559.html
Patch
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0838.html
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/29/7
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/94589
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*

Версия до 1.5.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00797

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2016-9675

CVSS3: 7.8

ubuntu

почти 9 лет назад

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

CVE-2016-9675

CVSS3: 7.5

redhat

около 9 лет назад

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

CVE-2016-9675

CVSS3: 7.8

debian

почти 9 лет назад

openjpeg: A heap-based buffer overflow flaw was found in the patch for ...

GHSA-6xgj-8663-75f9

CVSS3: 7.8

github

больше 3 лет назад

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

ELSA-2017-0559

oracle-oval

больше 8 лет назад

ELSA-2017-0559: openjpeg security update (MODERATE)

EPSS

Процентиль: 73%

0.00797

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787