Miggo Logo
Miggo Vulnerability Database
CVE-2016-9116

CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is...

6.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2016-9116
GHSA ID
GHSA-wqf5-7884-7h3f
EPSS Score
0.57317%
CWE
CWE-476
Published
5/13/2022
Updated
2/1/2023
KEV Status
No
Technology
-

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability description and the GitHub issue report clearly identify 'imagetopnm' and 'imagetoraw_common' as the functions involved in the NULL pointer dereference. The GDB backtrace pinpoints the exact line of code in 'imagetoraw_common' where the crash occurs. The Gentoo security advisory confirms the vulnerability and the affected versions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

NULL Point*r ****ss in *un*tion im***topnm o* *onv*rt.*:****(jp*) in Op*nJP** *.*.*. Imp**t is **ni*l o* S*rvi**. Som*on* must op*n * *r**t** j*k *il*.

Reasoning

T** vuln*r**ility **s*ription *n* t** *it*u* issu* r*port *l**rly i**nti*y 'im***topnm' *n* 'im***tor*w_*ommon' *s t** *un*tions involv** in t** NULL point*r **r***r*n**. T** *** ***ktr*** pinpoints t** *x**t lin* o* *o** in 'im***tor*w_*ommon' w**r*