CVE-2016-8332 in OpenJPEGinfo

Summary

A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsible

Talos

Reservation

09/28/2016

Disclosure

10/28/2016

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-119 (Confirmed)

CVSS

7.2

EPSS

0.01168

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-8332
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-8332
CVE Details	https://www.cvedetails.com/cve/CVE-2016-8332/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!