{"containers": {"cna": {"affected": [{"product": "OPENJPEG", "vendor": "OPENJPEG", "versions": [{"status": "affected", "version": "2.1.1"}]}], "datePublic": "2016-09-29T00:00:00", "descriptions": [{"lang": "en", "value": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Arbitrary Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-15T02:22:54", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "DSA-3768", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3768"}, {"name": "93242", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93242"}, {"name": "1038623", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038623"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2016-8332", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OPENJPEG", "version": {"version_data": [{"version_value": "2.1.1"}]}}]}, "vendor_name": "OPENJPEG"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector."}]}, "impact": {"cvss": {"baseScore": 7.5, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary Code Execution"}]}]}, "references": {"reference_data": [{"name": "DSA-3768", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3768"}, {"name": "93242", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93242"}, {"name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "http://www.talosintelligence.com/reports/TALOS-2016-0193/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"}, {"name": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2", "refsource": "MISC", "url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:20:30.569Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3768", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3768"}, {"name": "93242", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93242"}, {"name": "1038623", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038623"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2016-8332", "datePublished": "2016-10-28T14:00:00", "dateReserved": "2016-09-28T00:00:00", "dateUpdated": "2024-08-06T02:20:30.569Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uclouvain:openjpeg:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "823009B0-7F45-4F77-B14C-ADA668977F5C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en OpenJPEG 2.1.1 provoca ejecuci\u00f3n de c\u00f3digo arbitrario cuando se analiza una imagen manipulada. Una vulnerabilidad explotable de ejecuci\u00f3n de c\u00f3digo existe en el analizador de archivo formato de imagen jpeg2000 como se aplica en la librer\u00eda OpenJpeg. Un archivo jpeg2000 especialmente manipulado puede provocar una escritura fuera de l\u00edmites resultando en corrupci\u00f3n de la pila dando lugar a ejecuci\u00f3n de c\u00f3digo arbitrario. Para un ataque exitoso, el usuario objetivo necesita abrir un archivo jpeg2000 malicioso. El formato de archivo de jpeg2000 es principalmente utilizado para incrustar im\u00e1genes dentro de documentos PDF y la librer\u00eda OpenJpeg es utilizada por un n\u00famero de visualizadores de PDF populares convirtiendo a los documentos PDF en un vector de ataque probable."}], "id": "CVE-2016-8332", "lastModified": "2024-11-21T02:59:10.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-28T14:59:00.167", "references": [{"source": "talos-cna@cisco.com", "url": "http://www.debian.org/security/2017/dsa-3768"}, {"source": "talos-cna@cisco.com", "url": "http://www.securityfocus.com/bid/93242"}, {"source": "talos-cna@cisco.com", "url": "http://www.securitytracker.com/id/1038623"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"}, {"source": "talos-cna@cisco.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"}, {"source": "talos-cna@cisco.com", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93242"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038623"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "openjpeg2: JPEG2000 mcc record Code Execution Vulnerability", "id": "1381268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381268"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector."], "name": "CVE-2016-8332", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openjpeg", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openjpeg", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-09-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-8332\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8332\nhttp://www.talosintelligence.com/reports/TALOS-2016-0193/"], "threat_severity": "Important"}