CVE-2012-3358

Published: 18/07/2012 Updated: 13/02/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.

Vulnerable Product

uclouvain openjpeg 1.5

Vendor Advisories

Synopsis: Important: openjpeg security update. Type/Severity: Security Advisory: Important. Topic: Updated openjpeg packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerabili ...
Debian Bug report logs - #681075: Fwd: Openjpeg heap buffer overflow issue affecting 1.4 and 1.5. Package: openjpeg; Maintainer for openjpeg is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>; Reported by: Mathieu Malaterre <malat@debian.org>; Date: Tue, 10 Jul 2012 13:21:02 UTC; Severity: im ...
CVE-2009-5030: Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. CVE-2012-3358: Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. CVE-2012-3535: Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based bu ...
An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbit ...