CVE-2016-9573 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-9573 PUBLISHED

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

EPSS 1.06% · 77.5th percentile

Risk Scores

EPSS Score

1.06%

77.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	openjpeg	0, 1.3+dfsg-4.6ubuntu2, 1.3+dfsg-4.7ubuntu1
Ubuntu:16.04:LTS	openjpeg2	0, 2.1.0-2.1, 2.1.0-2.1ubuntu0.1
Ubuntu:Pro:16.04:LTS	openjpeg	0, 1:1.5.2-3.1, 1:1.5.2-3.1ubuntu0.1~esm2

Timeline

Sep 25, 2017 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-9573 third-party-advisory
https://github.com/uclouvain/openjpeg/issues/862 third-party-advisory
https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d third-party-advisory
https://github.com/uclouvain/openjpeg/issues/970 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-9573 third-party-advisory

Open in Interactive Console →