Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2009-5030
Last Modified 21 Jul 2012 11:09:00
Published 18 Jul 2012 06:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-5030

Summary

The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free."

Vulnerable Systems

Application

  • OpenJPEG 1.3

  • OpenJPEG 1.4

  • OpenJPEG 1.5


References

CONFIRM - https://groups.google.com/forum/#!topic/openjpeg/DLVrRKbTeI0/discussion

XF - openjpeg-tcdfreeencode-code-execution(74851)

BID - 53012

MLIST - [oss-security] 20120413 Re: CVE Request: Heap corruption in openjpeg

MANDRIVA - MDVSA-2012:104

SECUNIA - 49913

SECUNIA - 48781

REDHAT - RHSA-2012:1068

FEDORA - FEDORA-2012-9602

FEDORA - FEDORA-2012-9628

CONFIRM - http://code.google.com/p/openjpeg/source/detail?r=1703

CONFIRM - http://code.google.com/p/openjpeg/issues/detail?id=5


Last Updated: 27 May 2016 10:57:33