CVE-2016-9114

Name of the Vulnerable Software and Affected Versions OpenJPEG version 2.1.2

Description The issue is related to a NULL pointer access in the imagetopnm function of convert.c at line 1943, specifically when handling jp2 files. The problem arises because image->comps[compno].data is not assigned a value after initialization, which remains NULL. This results in a Denial of Service impact.

Recommendations For OpenJPEG version 2.1.2, as a temporary workaround, consider disabling the imagetopnm function until a patch is available. Restrict access to the convert.c module to minimize the risk of exploitation. Avoid using the image->comps[compno].data variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.