CVE-2016-4796: Buffer Overflow
First published: Thu May 12 2016(Updated: )
A heap buffer overflow in function color_cmyk_to_rgb in color.c. Upstream patch: <a href="https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91">https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91</a> CVE request: <a href="http://seclists.org/oss-sec/2016/q2/327">http://seclists.org/oss-sec/2016/q2/327</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJPEG | <=2.1.0 | |
| Red Hat Fedora | =23 | |
| Red Hat Fedora | =24 | |
| <=2.1.0 | ||
| =23 | ||
| =24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91
- http://seclists.org/oss-sec/2016/q2/327
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1335485
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1335484
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1335486
- http://seclists.org/oss-sec/2016/q2/342
- https://github.com/uclouvain/openjpeg/blob/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91/src/bin/common/color.c#L874-L892
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4796
- https://bugzilla.redhat.com/show_bug.cgi?id=1335482
- http://www.openwall.com/lists/oss-security/2016/05/13/2
- https://github.com/uclouvain/openjpeg/issues/774
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/
Frequently Asked Questions
What is the severity of CVE-2016-4796?
CVE-2016-4796 is classified as a high severity vulnerability due to the potential for heap buffer overflow leading to exploitation.
How do I fix CVE-2016-4796?
To mitigate CVE-2016-4796, users should update to the patched version of OpenJPEG that addresses the heap buffer overflow.
Which versions of OpenJPEG are affected by CVE-2016-4796?
CVE-2016-4796 affects OpenJPEG versions up to and including 2.1.0.
Can CVE-2016-4796 be exploited remotely?
Yes, CVE-2016-4796 can potentially be exploited remotely by attackers through crafted CMYK images.
What kind of impact does CVE-2016-4796 have on the system?
The impact of CVE-2016-4796 may include crashes, arbitrary code execution, or denial of service on affected systems.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-4796
- agent/weakness
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/uclouvain
- canonical/openjpeg
- version/openjpeg/2.1.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/23
- version/red hat fedora/24