Bug#844552: openjpeg2: CVE-2016-9113

2021-01-27 Thread Mathieu Malaterre
Control: fixed -1 2.3.0-2

Per:

https://github.com/uclouvain/openjpeg/issues/856#issuecomment-338843195

[...]
Sorry for replying late.
I test the poc with the latest version. There is no crash.
[...]



Bug#844552: openjpeg2: CVE-2016-9113

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/856

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-9113[0]:
| There is a NULL pointer dereference in function imagetobmp of
| convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not
| assigned a value after initialization(NULL). Impact is Denial of
| Service.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9113
[1] https://github.com/uclouvain/openjpeg/issues/856

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
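
The class of bug described in the CVE text above (a converter reading a component's sample buffer that is still NULL), shown with the check that turns the crash into a clean error. This is an added example, not code from OpenJPEG or from this bug report; the types `comp_t` and `image_t`, the error codes and all function names are hypothetical stand-ins, and 8-bit samples are assumed.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for a decoded image; these are NOT OpenJPEG's types. */
typedef struct { uint32_t w, h; int32_t *data; } comp_t;
typedef struct { uint32_t numcomps; comp_t *comps; } image_t;

enum { IMG_OK = 0, IMG_ERR_NOCOMPS = -1, IMG_ERR_NODATA = -2, IMG_ERR_SIZE = -3 };

/* Reject the image before any pixel access if a needed component is missing,
 * has no sample buffer (data == NULL), or differs in size from component 0. */
int image_check_components(const image_t *img, uint32_t needed)
{
    if (!img || !img->comps || needed == 0 || img->numcomps < needed)
        return IMG_ERR_NOCOMPS;
    for (uint32_t i = 0; i < needed; i++) {
        const comp_t *c = &img->comps[i];
        if (c->data == NULL)
            return IMG_ERR_NODATA;
        if (c->w == 0 || c->h == 0 ||
            c->w != img->comps[0].w || c->h != img->comps[0].h)
            return IMG_ERR_SIZE;
    }
    return IMG_OK;
}

/* Hypothetical converter: interleaves three 8-bit components as B,G,R. */
int image_to_bgr(const image_t *img, uint8_t *out, size_t out_len)
{
    int rc = image_check_components(img, 3);
    if (rc != IMG_OK)
        return rc;                      /* fail cleanly instead of crashing */
    size_t n = (size_t)img->comps[0].w * img->comps[0].h;
    if (!out || out_len / 3 < n)
        return IMG_ERR_SIZE;
    for (size_t i = 0; i < n; i++)
        for (int k = 0; k < 3; k++)     /* k=0 -> B (comp 2), k=2 -> R (comp 0) */
            out[3 * i + k] = (uint8_t)img->comps[2 - k].data[i];
    return IMG_OK;
}

/* Constructed input: 2x1 image; null_first leaves comps[0].data unset. */
int demo_convert(int null_first, uint8_t out[6])
{
    int32_t r[2] = {10, 11}, g[2] = {20, 21}, b[2] = {30, 31};
    comp_t comps[3] = { {2, 1, null_first ? NULL : r}, {2, 1, g}, {2, 1, b} };
    image_t img = { 3, comps };
    return image_to_bgr(&img, out, 6);
}
```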