CVE-2016-10506
UnknownEPSS 3.47%
Last modified
CVE-2016-10506 is a vulnerability of currently unknown severity. Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.. EPSS estimates a 3.47% chance of exploitation in the next 30 days.
Description
Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Uclouvain | Openjpeg | <= 2.1.2 |
References
- https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7bIssue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/731Issue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/732Issue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/777Issue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/778Issue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/779Issue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/780Issue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7bIssue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/731Issue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/732Issue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/777Issue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/778Issue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/779Issue Tracking, Patch, Third Party Advisory
- https://github.com/uclouvain/openjpeg/issues/780Issue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-10506?
Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
How severe is CVE-2016-10506?
Severity scoring for CVE-2016-10506 is pending analysis. The EPSS model estimates a 3.47% probability of exploitation in the next 30 days.
How do I fix CVE-2016-10506?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2016-10506?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST