CVE-2016-10504

Publication date 30 August 2017

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openjpeg	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Ignored end of standard support, was not-affected [code not present]
	14.04 LTS trusty	Not affected
openjpeg2	18.04 LTS bionic	Not affected
	17.10 artful	Ignored end of life
	17.04 zesty	Fixed 2.1.2-1.1+deb9u2build0.17.04.1
	16.04 LTS xenial	Fixed 2.1.2-1.1+deb9u2build0.1
	14.04 LTS trusty	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
openjpeg	Upstream: 397f62c
openjpeg2	Upstream: 397f62c

Severity score breakdown

Parameter	Value
Base score	6.5 · Medium
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2016-10504

Cvss 3 Severity Score

Status

Patch details

Severity score breakdown

References

Other references