Integer Overflow or Wraparound

Affecting openjpeg2 package, versions *

NVD Description

Note: Versions mentioned in the description apply to the upstream openjpeg2 package.

An integer overflow vulnerability was found in the tiftoimage function in openjpeg 2.1.2, resulting in a heap buffer overflow.

Remediation

There is no fixed version for Debian:9 openjpeg2.

CVSS Score

8.8
low severity
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE: CVE-2016-9580
CWE: CWE-122, CWE-190
Snyk ID: SNYK-DEBIAN9-OPENJPEG2-345828
Disclosed: 01 Aug, 2018
Published: 27 Jun, 2018