CVE-2016-8332

A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.debian.org/security/2017/dsa-3768
http://www.securityfocus.com/bid/93242
http://www.securitytracker.com/id/1038623
http://www.talosintelligence.com/reports/TALOS-2016-0193/	Exploit Third Party Advisory
https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2	Release Notes Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:uclouvain:openjpeg:2.1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-10-28 14:59

Updated : 2023-12-10 11:46

NVD link : CVE-2016-8332

Mitre link : CVE-2016-8332

CVE.ORG link : CVE-2016-8332

JSON object : View

Products Affected

uclouvain

openjpeg

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2016-8332", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2016-10-28T14:59:00.167", "references": [{"url": "http://www.debian.org/security/2017/dsa-3768", "source": "talos-cna@cisco.com"}, {"url": "http://www.securityfocus.com/bid/93242", "source": "talos-cna@cisco.com"}, {"url": "http://www.securitytracker.com/id/1038623", "source": "talos-cna@cisco.com"}, {"url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://github.com/uclouvain/openjpeg/releases/tag/v2.1.2", "tags": ["Release Notes", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "source": "talos-cna@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en OpenJPEG 2.1.1 provoca ejecuci\u00f3n de c\u00f3digo arbitrario cuando se analiza una imagen manipulada. Una vulnerabilidad explotable de ejecuci\u00f3n de c\u00f3digo existe en el analizador de archivo formato de imagen jpeg2000 como se aplica en la librer\u00eda OpenJpeg. Un archivo jpeg2000 especialmente manipulado puede provocar una escritura fuera de l\u00edmites resultando en corrupci\u00f3n de la pila dando lugar a ejecuci\u00f3n de c\u00f3digo arbitrario. Para un ataque exitoso, el usuario objetivo necesita abrir un archivo jpeg2000 malicioso. El formato de archivo de jpeg2000 es principalmente utilizado para incrustar im\u00e1genes dentro de documentos PDF y la librer\u00eda OpenJpeg es utilizada por un n\u00famero de visualizadores de PDF populares convirtiendo a los documentos PDF en un vector de ataque probable."}], "lastModified": "2022-04-19T20:15:09.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uclouvain:openjpeg:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "823009B0-7F45-4F77-B14C-ADA668977F5C"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}