CVE-2009-5030

Published: 18/07/2012 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The tcd_free_encode function in tcd.c in OpenJPEG 1.3 up to and including 1.5 allows remote malicious users to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free."

Vulnerable Product

uclouvain openjpeg 1.3

uclouvain openjpeg 1.4

uclouvain openjpeg 1.5

Vendor Advisories

Synopsis: Important: openjpeg security update. Type/Severity: Security Advisory: Important. Topic: Updated openjpeg packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerabili ...
Debian Bug report logs - #672455: CVE-2009-5030: Heap memory corruption leading to invalid free. Package: libopenjpeg2; Maintainer for libopenjpeg2 is (unknown); Reported by: Henri Salo <henri@nervfi>; Date: Fri, 11 May 2012 08:09:01 UTC; Severity: important; Tags: fixed-upstream, patch, security; Found in version openjpeg/13 ...
CVE-2009-5030: Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. CVE-2012-3358: Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. CVE-2012-3535: Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based bu ...
An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbit ...