Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-4517
Last Modified 23 Mar 2015 09:59:34
Published 14 Dec 2011 10:57:34
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4517

Summary

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.

Vulnerable Systems

Application

  • Jasper Project Jasper 1.900.1


References

CERT-VN - VU#887409

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=747726

DEBIAN - DSA-2371

SECUNIA - 47353

SECUNIA - 47306

REDHAT - RHSA-2011:1811

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

UBUNTU - USN-1315-1

XF - jasper-jpccrggetparms-bo(71701)

REDHAT - RHSA-2011:1807

SECUNIA - 47193

OSVDB - 77596

SUSE - openSUSE-SU-2011:1317

FEDORA - FEDORA-2011-16955

FEDORA - FEDORA-2011-16966

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21660640

REDHAT - RHSA-2015:0698

Related Patches

Red Hat 2011:1811-01 RHSA Important: netpbm security update for RHEL 4 x86

Red Hat 2011:1811-01 RHSA Important: netpbm security update for RHEL 5 x86

Red Hat 2011:1811-01 RHSA Important: netpbm security update for RHEL 5 x86_64

Red Hat 2011:1811-01 RHSA Important: netpbm security update for RHEL 4 x86_64

Novell SUSE 2011:5523 jasper security update for SLE 11 SP1 i586

Novell SUSE 2011:5523 jasper security update for SLE 11 SP1 x86_64

Novell SUSE 2011:7878 jasper security update for SLE 10 SP4 i586

Novell SUSE 2011:7878 jasper security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:49:50