CVE-2016-9675
HIGHOpenJPEG - Heap-Based Buffer Overflow via Crafted J2K Image
Title source: llmDescription
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/11/29/7
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94589
Patch, Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0559.html
Patch, Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0838.html
Scores
CVSS v3
7.8
EPSS
0.0190
EPSS Percentile
77.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (11)
redhat/enterprise_linux
6.0
redhat/enterprise_linux
7.0
redhat/enterprise_linux
7.3
redhat/enterprise_linux
7.4
redhat/enterprise_linux
7.5
redhat/enterprise_linux
7.6
redhat/enterprise_linux
7.7
redhat/enterprise_linux_for_ibm_z_systems
6.0
redhat/enterprise_linux_for_power_big_endian
6.0
redhat/enterprise_linux_for_scientific_computing
6.0
... and 1 more
Published
Dec 22, 2016
Tracked Since
Feb 18, 2026