{"id":"CVE-2016-9580","details":"An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.","modified":"2026-04-11T03:56:43.411062Z","published":"2018-08-01T16:29:00.477Z","related":["MGASA-2016-0426","SUSE-SU-2016:3270-1","openSUSE-SU-2017:2567-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94822"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201710-26"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580"},{"type":"FIX","url":"https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255"},{"type":"EVIDENCE","url":"https://github.com/uclouvain/openjpeg/issues/871"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/szukw000/openjpeg","events":[{"introduced":"0"},{"fixed":"cadff5fb6e73398de26a92e96d3d7cac893af255"}]},{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"last_affected":"1f1e968269bbd7eaade7955892a6d8c281b91df2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.1.2"}]}}],"versions":["v2.1.1","v2.1.2"],"database_specific":{"vanir_signatures_modified":"2026-04-11T03:56:43Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9580.json","vanir_signatures":[{"source":"https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255","signature_version":"v1","signature_type":"Function","id":"CVE-2016-9580-3e1a0616","deprecated":false,"target":{"function":"tiftoimage","file":"src/bin/jp2/converttif.c"},"digest":{"length":5013,"function_hash":"317079937281538815993112337419609533839"}},{"source":"https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255","signature_version":"v1","signature_type":"Function","id":"CVE-2016-9580-acf3a211","deprecated":false,"target":{"function":"imagetotif","file":"src/bin/jp2/converttif.c"},"digest":{"length":3855,"function_hash":"75384168179758307215913958996022469404"}},{"source":"https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255","signature_version":"v1","signature_type":"Line","id":"CVE-2016-9580-bbdfaf7c","deprecated":false,"target":{"file":"src/bin/jp2/converttif.c"},"digest":{"threshold":0.9,"line_hashes":["238251877731424898360099149325795582835","197265446377938595666886952516892763767","231897807650322997766719769940655117332","46026957450599929363219663079595681179","311395755534264161389688128137172159142","287025139395140735473875559373979026902","163708784233692179344514772890253843907","174394106705740669988334235228898379715","112977614278753944548917320986734595333","216215757886127372503793395833160486186","52956107098617001474185733941808167308","226490392422113580764943695050908180322","68251431459225111492233278918907325891","88402480827415101358446242395678299901","57511202523510630377416362634050980324","271517793718126932008919045424270685529","44289391948148806721683921220014783805","63228192074795279672317078141867677346","306998765449402132938911944603080210317","57056431648448895288047214121758094634","305177801564511599964035150970109040706","249894557450947605959136673462385149407","243451862713267555041185259141479305324","263418030796441589817261806907133602175","302052312557754129217744913296048814044","207168910225244010190480303672861772843","204950336797483910918268556699852002237","208327993978669144734939914322983518262","41952327641609555481277459676053322127","133112681564969175736499613024689407890","279499365524215107574481286949427747206","8091855587916317323809765056560585129","327438470370225769566419193778830375383","121294373205656260976095686952599107832","127628223134022226494381666690377763674","339470260250223655143201922301264494152","278367631218164331073167236722515446561","204577633356994884287924183343112230995","305387765995264470560572254493287819997","64901618391428631001062071617813723061","130087077414184990532502352947913458647","108748089868427517788677796051087955823","228056953512845786329174973548912492449","275231041057549739619116012639222351357","338565406206651071551959703058313633867","254922792106624874091106362280507660488","210112654939829488635626204299553525100","187886059695661737955238549441264359169","82166475026064775320431453907857042940","137389786316366403191170290358783525241","204729672608728106680496468166381376441","44014042099759508069331870500031756789","198017367191545786793345849381346046192","332499970396210863914541693348887415355","178746871428224665192848465778499736752","295330115883972837477730493790859904132","20221228619878862484648133719220307905","196632802611279338227274660940529882617","121177886584432295194060345178166487524","156200397480406555095600739821597568339","34844331068809100361556350160787722059","131476609723145445967739509907806257384","71455610642043398730078608473495807751","89037990163066950939397904101194689951","121177886584432295194060345178166487524","147820804959590508391972385759264388426","179461894082822844634571947376839006765","146644741593593236475723479522273282345","160911922676307836748283754410090817347","11797935973338244895338916617776622761","242993353135045960020007416443997953249","330000044493025776827744573939296160474","155064273055860644843933824621438814414","147153693768433285864003695230737047063","179408693680712458383580002999886193011","90309476032737987684091763031237518799","9314387211290534474686768928295629214","136698224535132741255390701462499657190","22691584782711891470748708663667755933","82182639238719141866045550649246790827","255971524585472517499306207424556872877","304521574039157984776507966929954957970","217786467542040064467207564438013965342","314803040081758730856678673896220052422","281993717603906591678918148713045022094","68732630068329377203846609269104985109","166832330700379666654507127329549538267","156182393910715867198218714394530679525","48453218537741827860388014654597181390","238355313059114426214444728499710981814","253578594366493850982725911787475215953","39295935496708815665124362321498415007","90426680968513001199522893460523338272","124506355986071723030130537400901874943","299778744362598592042556946575802184496","245479153847407873488294645838444922949","140077947741031022136714419456646420147","247874467927523006774134427636131375357","200412056641650269760954095114482322873","177577647566967564904524181246737550480"]}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}