CVE-2016-9675

moderate-risk

Published 2016-12-22

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

Do I need to act?

0.80% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (11)

Openjpeg

Enterprise Linux

Enterprise Linux For Scientific Computing

Enterprise Linux

Enterprise Linux For Ibm Z Systems

Enterprise Linux For Power Big Endian

Affected Vendors

Redhat Uclouvain

References (8)

Patch http://rhn.redhat.com/errata/RHSA-2017-0559.html

Patch http://rhn.redhat.com/errata/RHSA-2017-0838.html

Mailing List http://www.openwall.com/lists/oss-security/2016/11/29/7

Third Party Advisory http://www.securityfocus.com/bid/94589

Patch http://rhn.redhat.com/errata/RHSA-2017-0559.html

Patch http://rhn.redhat.com/errata/RHSA-2017-0838.html

Mailing List http://www.openwall.com/lists/oss-security/2016/11/29/7

Third Party Advisory http://www.securityfocus.com/bid/94589

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 3/34 · Minimal

Exposure 16/34 · Moderate