CVE-2016-8332

Name of the Vulnerable Software and Affected Versions OpenJPEG version 2.1.1

Description A buffer overflow in the jpeg2000 image file format parser as implemented in the OpenJpeg library causes arbitrary code execution when parsing a crafted image. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. The attack requires the target user to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents, and the OpenJpeg library is used by a number of popular PDF renderers, making PDF documents a likely attack vector.

Recommendations For OpenJPEG version 2.1.1, consider avoiding the use of the jpeg2000 image file format until a patch is available, and restrict access to PDF documents that may contain malicious jpeg2000 files to minimize the risk of exploitation.