Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-4796

Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

Related bugs and status

CVE-2016-4796 (Candidate) is related to these bugs:

Bug #1630702: Fix for CVE-2016-8332 and CVE-2016-7163

		In	Importance	Status
1630702	Fix for CVE-2016-8332 and CVE-2016-7163	openjpeg2 (Ubuntu)	Medium	Fix Released
1630702	Fix for CVE-2016-8332 and CVE-2016-7163	openjpeg2 (Ubuntu Xenial)	Medium	Fix Released
1630702	Fix for CVE-2016-8332 and CVE-2016-7163	openjpeg2 (Ubuntu Yakkety)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016051...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://github.com/ucl...
CONFIRM: https://github.com/ucl...
FEDORA: FEDORA-2016-14d8f9b4ed
FEDORA: FEDORA-2016-8fa7ced365
FEDORA: FEDORA-2016-abdc548f46
FEDORA: FEDORA-2016-d2ab705e4a
MISC: https://www.oracle.com...