CVE-2016-9572

Published: January 8, 2018
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
MEDIUM
CVSS v3: 5.9

Status

DocFilters Release Package State Justification Comment
25.1 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.4 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.4.0 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.3 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.2.1 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.2 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
24.1 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
23.3 openjpeg (2.5.0) Not Affected Code Not Present 2.5.0 does not match CVE configuration.
23.2.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
23.2 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
23.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
22.4 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
22.3 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
22.2 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
22.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.11.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.11 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.8.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.8 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.5.1 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.5.0 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
21.2.0 openjpeg (2.4.0) Not Affected Code Not Present 2.4.0 does not match CVE configuration.
11.4.20 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.19.3667 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.18.3599 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.17 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.16.3445 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.15.3368 openjpeg (2.3.1) Not Affected Code Not Present 2.3.1 does not match CVE configuration.
11.4.14.3263 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.13.3179 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.12.3054 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.11.3040 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.11.2990 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.10.2934 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.
11.4.9.2878 openjpeg (2.3.0) Not Affected Code Not Present 2.3.0 does not match CVE configuration.

Severity score breakdown

Attack Complexity
HIGH
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
5.9
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Version
3.0

References