MAGEIA-2016-362
A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in opj_tcd_free_tile() (CVE-2016-3181). A specially crafted JPEG2000 image file can force Heap Corruption in opj_free() (CVE-2016-3182). A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in sycc422_to_rgb() (CVE-2016-3183). OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb() in color.c (CVE-2016-4796). OpenJPEG division-by-zero in function opj_tcd_init_tile() in tcd.c (CVE-2016-4797). Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data (CVE-2016-5157). Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write (CVE-2016-7163). convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s (CVE-2016-7445). A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution (CVE-2016-8332).
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | ghostscript | 9.14-3.2.mga5, 0 |
| Mageia | openjpeg2 | 0, 2.1.2-1.mga5 |
Timeline
- Nov 3, 2016 CVE Updated
- Nov 3, 2016 CVE Published
- Mar 17, 2026 Distribution Patch
- Mar 17, 2026 Security Advisory
References
- Updated openjpeg2 packages fix security vulnerabilities exploit
- Updated openjpeg2 packages fix security vulnerabilities advisory
- Updated openjpeg2 packages fix security vulnerabilities exploit
- Updated openjpeg2 packages fix security vulnerabilities advisory
- Updated openjpeg2 packages fix security vulnerabilities issue
- Updated openjpeg2 packages fix security vulnerabilities issue
- Updated openjpeg2 packages fix security vulnerabilities issue
- Updated openjpeg2 packages fix security vulnerabilities issue
- Updated openjpeg2 packages fix security vulnerabilities issue