CVE-2016-10505

SOURCE - nist

Summary

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

EPSS Score⁠: 0.00581 (0.780)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-476⁠

NULL Pointer Dereference

SOURCE - redhat

CWE-119⁠

Improper Restriction of Operations within the Bounds of a Memory Buffer

Sources (5)

Impacted images

debian

CREATED

7 years ago

UPDATED

8 months ago

SOURCE IDCVE-2016-10505⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/openjpeg2	deb	debian	12	>=2.5.0-2	Not yet available
debian/openjpeg2	deb	debian	11	>=2.4.0-3	Not yet available
debian/openjpeg2	deb	debian	unstable	>=2.5.0-2	Not yet available
debian/openjpeg2	deb	debian	13	>=2.5.0-2	Not yet available
debian/openjpeg2	deb	debian	10	>=2.3.0-2+deb10u2	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

7 years ago

UPDATED

4 years ago

SOURCE IDCVE-2016-10505⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-476⁠

CVSS SCORE

6.5medium

ubuntu

CREATED

7 years ago

UPDATED

1 month ago

SOURCE IDCVE-2016-10505⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.5medium

redhat

CREATED

7 years ago

UPDATED

10 months ago

SOURCE IDCVE-2016-10505⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-119⁠

CVSS SCORE

3.3low

suse

CREATED

7 years ago

UPDATED

8 months ago

SOURCE IDCVE-2016-10505⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.5medium