2012-09-05
Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.
Products | Openjpeg |
Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
First patch | - None (likely due to unavailable code) |
Links |
• https://bugzilla.redhat.com/show_bug.cgi?id=842918
• http://www.openwall.com/lists/oss-security/2012/08/27/3
• https://exchange.xforce.ibmcloud.com/vulnerabilities/77994
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:157
• http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090021.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090579.html
• http://code.google.com/p/openjpeg/issues/detail?id=170
• http://rhn.redhat.com/errata/RHSA-2012-1283.html
• http://secunia.com/advisories/50681
• http://www.securityfocus.com/bid/55214
• http://secunia.com/advisories/50360
• http://www.openwall.com/lists/oss-security/2012/08/27/2
• http://osvdb.org/84978 |