CVE-2016-4797: Divide by Zero
First published: Thu May 12 2016(Updated: )
Divide by zero vulnerability was found in function opj_tcd_init_tile in tcd.c Upstream patch: <a href="https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c">https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c</a> CVE request: <a href="http://seclists.org/oss-sec/2016/q2/327">http://seclists.org/oss-sec/2016/q2/327</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJPEG | <=2.1.0 | |
| Red Hat Fedora | =23 | |
| Red Hat Fedora | =24 | |
| <=2.1.0 | ||
| =23 | ||
| =24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c
- http://seclists.org/oss-sec/2016/q2/327
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1335485
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1335484
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1335486
- http://seclists.org/oss-sec/2016/q2/342
- https://access.redhat.com/security/cve/CVE-2014-7947
- https://access.redhat.com/security/cve/CVE-2016-4797
- https://bugzilla.redhat.com/show_bug.cgi?id=1335483
- http://www.openwall.com/lists/oss-security/2016/05/13/2
- https://github.com/uclouvain/openjpeg/issues/733
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/
Frequently Asked Questions
What is the severity of CVE-2016-4797?
CVE-2016-4797 is classified as a high severity vulnerability due to the potential for system crashes.
How do I fix CVE-2016-4797?
To mitigate CVE-2016-4797, update to the latest version of OpenJPEG that includes the upstream patch.
What software is affected by CVE-2016-4797?
CVE-2016-4797 affects versions of OpenJPEG up to and including 2.1.0 and specific versions of Fedora.
How does CVE-2016-4797 impact software performance?
CVE-2016-4797 can lead to application crashes, negatively impacting software stability and performance.
What causes CVE-2016-4797?
CVE-2016-4797 is caused by a divide-by-zero error in the opj_tcd_init_tile function within the OpenJPEG library.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-4797
- agent/weakness
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/uclouvain
- canonical/openjpeg
- version/openjpeg/2.1.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/23
- version/red hat fedora/24