Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-1923

Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

Related bugs and status

CVE-2016-1923 (Candidate) is related to these bugs:

Bug #1630702: Fix for CVE-2016-8332 and CVE-2016-7163

		In	Importance	Status
1630702	Fix for CVE-2016-8332 and CVE-2016-7163	openjpeg2 (Ubuntu)	Medium	Fix Released
1630702	Fix for CVE-2016-8332 and CVE-2016-7163	openjpeg2 (Ubuntu Xenial)	Medium	Fix Released
1630702	Fix for CVE-2016-8332 and CVE-2016-7163	openjpeg2 (Ubuntu Yakkety)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016011...
MLIST: [oss-security] 2016011...
GENTOO: GLSA-201612-26
MISC: https://www.oracle.com...