HTTP: OpenJPEG opj_pi_create_decode Integer Overflow

An integer overflow exists in the OpenJPEG library. Successful exploitation could lead to remote code execution in the security context of the target user.

Extended Description

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

Affected Products

Redhat enterprise_linux_workstation

Short Name
HTTP:STC:DL:CVE-2016-7163-IOV
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2016-7163 Integer OpenJPEG Overflow opj_pi_create_decode
Release Date
03/30/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3716
False Positive
Unknown
Vendors

Fedoraproject

Debian

Redhat

Uclouvain

CVSS Score

6.8
