{"id":"CVE-2016-3183","details":"The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.","modified":"2026-04-16T06:20:32.992482257Z","published":"2017-02-03T16:59:00.137Z","related":["SUSE-SU-2022:1129-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1317821"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/issues/726"},{"type":"FIX","url":"https://security.gentoo.org/glsa/201612-26"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/03/16/17"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"fixed":"53f25200ed696cf5dc71d5fe12faad2570861b20"},{"fixed":"15f081c89650dccee4aa4ae66f614c3fdb268767"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3183.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.1.0"}]}],"vanir_signatures":[{"deprecated":false,"digest":{"length":3153,"function_hash":"232723039987976732338498395538962934901"},"signature_version":"v1","target":{"function":"sycc420_to_rgb","file":"src/bin/common/color.c"},"id":"CVE-2016-3183-042d9082","signature_type":"Function","source":"https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"},{"deprecated":false,"digest":{"length":1052,"function_hash":"163834713524545296435326667982557538732"},"signature_version":"v1","target":{"function":"color_sycc_to_rgb","file":"src/bin/common/color.c"},"id":"CVE-2016-3183-4b4ce8fa","signature_type":"Function","source":"https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"},{"deprecated":false,"digest":{"length":1301,"function_hash":"50528208843460682154574240540540730910"},"signature_version":"v1","target":{"function":"sycc444_to_rgb","file":"src/bin/common/color.c"},"id":"CVE-2016-3183-8dceefdc","signature_type":"Function","source":"https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"},{"source":"https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767","digest":{"length":2248,"function_hash":"54362684166826776803224864586488355076"},"signature_version":"v1","target":{"function":"sycc422_to_rgb","file":"src/bin/common/color.c"},"id":"CVE-2016-3183-8f45fb0b","signature_type":"Function","deprecated":false},{"deprecated":false,"digest":{"line_hashes":["138244548877298902218041542642467587888","18809269859584758344380979397030228808","282491012989628312524719436047342241572","247859123637723811115717504641926702520","236332994569524537909403247954223130740","97685477365476391735066209522267591509","159393623126005493292186356821901710490","304589403095236474945679745462923963489","50528373211240652803997254695693268812","205595688378218778481673434100045694616","104109513173611542540007488579653934177","200718784474175022797090980114374610812","243743255714316124266742150402103380979","257522452922096000728894561177266254525","339774684984125607297034658278814334834","309603988199065472223650289674597067656","25602314147906800964232778939310966282","317584004630538926428959669609517081877","51315054315934659536850774358502792396","322628900362867175322253720132578564128","88644204931867597756948560831261909664","89207189440710557149384242329194429053","82923314315062672150959383036828119033","14196576362823543063649340574763865089","237881388974152880549636120708753737478","75540628927824192601670292446787682727","111657900476882239943954988398209882570","310722741910457477964542904055542263538","9531971306032696971631834443777559775","210543343504982620886352243467121123815","52859723869573555840996363032552117484","127856085929334584809567571524053102510","97685477365476391735066209522267591509","159393623126005493292186356821901710490","304589403095236474945679745462923963489","50528373211240652803997254695693268812","205595688378218778481673434100045694616","104109513173611542540007488579653934177","200718784474175022797090980114374610812","243743255714316124266742150402103380979","28301540128789457516439251246913908931","240528181696270424515660558193476795418","168414073610696146050402407094795227364","110325991596947674043665312222514159735","246467047400933988581955160841446327161","187813587118258944949203413108429123447","324861077522988194070797485198363905688","21479232988884056687225079802336541131","285569428698967809716878498689171875046","170150310267634114422756055442432591425","210472682364337659142656948817677158516","47669034386681414838739813827471815158","141315774355945149102949621248292910860","181071839617179718893256502837987049556","121596700512774203166618914092018882051","103020878871106400841863645556969138028","309603988199065472223650289674597067656","90723639322337037786799515522159762978","145571367639013526929886865822707379853","71936635940319604917302059213091866506","310293988665497998305388415940912731203","285162095509720844358451071846339950354","190151533277390798611783624637187656622","3757169818471990164415372589788195899","334678395714242000575265977414926025575","41776914429418398823773571133082641989","53150382293848028873180545514891304607","249110832772914573832965399783227714859","4595320859346677017001999603650232463","148332431402148104060107965607625385470","311357241020195558220788012566949328788","322628900362867175322253720132578564128","88644204931867597756948560831261909664","89207189440710557149384242329194429053","238156639705968782757181082697866072943","249335561469909443830245085264466382508","232510176480720492320303803233778551181","83636366904511455969035256174048187587","57234946098371162067551608041175851318","59362843808923040238941183588764445986","208511510615801125884652018090610014217","210543343504982620886352243467121123815","52859723869573555840996363032552117484","127856085929334584809567571524053102510","97685477365476391735066209522267591509","159393623126005493292186356821901710490","304589403095236474945679745462923963489","50528373211240652803997254695693268812","205595688378218778481673434100045694616","104109513173611542540007488579653934177","200718784474175022797090980114374610812","243743255714316124266742150402103380979","125604795163073763874295625794881523066","23611236177916487994145591810748114191","88895508510120842740738394125077679738","108401377897304050180080284253524679274","168513463643665291143588786089240727698","296009698411781590466958922072955870791","237201204818099739874717299835755734225","237427738175927435697433195257196298310","49888067190674246608889540895451064718","332173626083483262000625693408354238254","125843339204208203320297487016475793211","170969411561658736691258861750910712193","149692963909953904502886164835518568142","294576848686041303241732528265888510866","96800055998634280320472808180680210906","27012462281669988699564688287023694245","246467047400933988581955160841446327161","187813587118258944949203413108429123447","90723639322337037786799515522159762978","145571367639013526929886865822707379853","71936635940319604917302059213091866506","310293988665497998305388415940912731203","285162095509720844358451071846339950354","190151533277390798611783624637187656622","3757169818471990164415372589788195899","334678395714242000575265977414926025575","41776914429418398823773571133082641989","53150382293848028873180545514891304607","249110832772914573832965399783227714859","4595320859346677017001999603650232463","148332431402148104060107965607625385470","311357241020195558220788012566949328788","322628900362867175322253720132578564128","88644204931867597756948560831261909664","89207189440710557149384242329194429053","30728862259030306992680935136195697627","234530099080435303959527251164119922892","159391309353591642471887614938364689968","214328089085677516086918317064760473849","337147713089367964434608177659315337118","163243682133941114802183357617887939165"],"threshold":0.9},"signature_version":"v1","target":{"file":"src/bin/common/color.c"},"id":"CVE-2016-3183-dbf7e83d","signature_type":"Line","source":"https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"},{"deprecated":false,"digest":{"length":8515,"function_hash":"195412643330250903764091488308715201513"},"signature_version":"v1","target":{"function":"imagetobmp","file":"src/bin/jp2/convertbmp.c"},"id":"CVE-2016-3183-dfde826c","signature_type":"Function","source":"https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767"},{"source":"https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767","digest":{"line_hashes":["265351259535117719534036123992808496355","77963476706332368559694164666335894594","134590308424341073052338712213935232954","79466045731928128473232569247596691827"],"threshold":0.9},"signature_version":"v1","target":{"file":"src/bin/jp2/convertbmp.c"},"id":"CVE-2016-3183-eee8075e","signature_type":"Line","deprecated":false}],"vanir_signatures_modified":"2026-04-11T03:43:45Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}