Home

CVE-2016-7163

Description

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.506

Associated Vulnerability

VulnerabilityOS Platform
Openjpeg security update (CESA-2017:0559) openjpeg-1.3-16.el6_8.i686.rpmLinux
Openjpeg security update (CESA-2017:0559) openjpeg-1.3-16.el6_8.x86_64.rpmLinux
Openjpeg security update (CESA-2017:0559) openjpeg-libs-1.3-16.el6_8.i686.rpmLinux
Openjpeg security update (CESA-2017:0559) openjpeg-libs-1.3-16.el6_8.x86_64.rpmLinux
Openjpeg security update (CESA-2017:0559) openjpeg-devel-1.3-16.el6_8.i686.rpmLinux
Openjpeg security update (CESA-2017:0559) openjpeg-devel-1.3-16.el6_8.x86_64.rpmLinux
(RHSA-2017:0559) Moderate: openjpeg security update openjpeg-1.3-16.el6_8.i686.rpmLinux
(RHSA-2017:0559) Moderate: openjpeg security update openjpeg-1.3-16.el6_8.x86_64.rpmLinux
(RHSA-2017:0559) Moderate: openjpeg security update openjpeg-devel-1.3-16.el6_8.i686.rpmLinux
(RHSA-2017:0559) Moderate: openjpeg security update openjpeg-devel-1.3-16.el6_8.x86_64.rpmLinux
(RHSA-2017:0559) Moderate: openjpeg security update openjpeg-libs-1.3-16.el6_8.i686.rpmLinux
(RHSA-2017:0559) Moderate: openjpeg security update openjpeg-libs-1.3-16.el6_8.x86_64.rpmLinux
Openjpeg update (ELSA-2017-0559) openjpeg-1.3-16.el6_8.x86_64.rpmLinux
Openjpeg-devel update (ELSA-2017-0559) openjpeg-devel-1.3-16.el6_8.x86_64.rpmLinux
Openjpeg-libs update (ELSA-2017-0559) openjpeg-libs-1.3-16.el6_8.x86_64.rpmLinux
Openjpeg update (ELSA-2017-0559) openjpeg-1.3-16.el6_8.i686.rpmLinux
Openjpeg-devel update (ELSA-2017-0559) openjpeg-devel-1.3-16.el6_8.i686.rpmLinux
Openjpeg-libs update (ELSA-2017-0559) openjpeg-libs-1.3-16.el6_8.i686.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234