CVE-2012-3535

Published: 05/09/2012 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in OpenJPEG 1.5.0 and previous versions allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.

Vulnerable Product

uclouvain openjpeg 1.3

uclouvain openjpeg 1.4

uclouvain openjpeg

Vendor Advisories

Synopsis: Important: openjpeg security update. Type/Severity: Security Advisory: Important. Topic: Updated openjpeg packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerabil ...
Debian Bug report logs - #685970 openjpeg: CVE-2012-3535. Package: openjpeg; Maintainer for openjpeg is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Mon, 27 Aug 2012 06:45:02 UTC; Severity: grave; Tags: security; Found in versions op ...
CVE-2009-5030: Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. CVE-2012-3358: Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. CVE-2012-3535: Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based bu ...
It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code (CVE-2012-3535) ...