{"id":"CVE-2016-4797","details":"Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.","modified":"2026-04-16T06:17:50.577714764Z","published":"2017-02-03T16:59:00.293Z","related":["SUSE-SU-2022:1129-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/05/13/2"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335483"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/issues/733"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"fixed":"53f25200ed696cf5dc71d5fe12faad2570861b20"},{"fixed":"8f9cc62b3f9a1da9712329ddcedb9750d585505c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4797.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"23"}]},{"events":[{"introduced":"0"},{"last_affected":"24"}]}],"vanir_signatures":[{"id":"CVE-2016-4797-0cac461e","signature_version":"v1","target":{"file":"src/lib/openjp2/tcd.c","function":"opj_tcd_init_tile"},"source":"https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c","deprecated":false,"digest":{"function_hash":"257004248534814206722681566285479977596","length":9361},"signature_type":"Function"},{"id":"CVE-2016-4797-d9f76175","signature_version":"v1","target":{"file":"src/lib/openjp2/tcd.c"},"source":"https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["225049661102870250041549526641074616634","73247418388560494446265847644653004742","334601661058292120774571645982894165467","175452125379047758074089300299006649918"]},"signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T03:43:49Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}