Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3358

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-3358
Last Modified 19 Jul 2012 12:08:02
Published 18 Jul 2012 07:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3358

Summary

Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.

Vulnerable Systems

Application

  • Openjpeg 1.5


References

XF - openjpeg-jpeg2000-bo(76850)

BID - 54373

MLIST - [oss-security] 20120711 Openjpeg: heap-buffer overflow when processing JPEG2000 image files

MANDRIVA - MDVSA-2012:104

SECUNIA - 49913

REDHAT - RHSA-2012:1068

OSVDB - 83741

CONFIRM - http://code.google.com/p/openjpeg/source/detail?r=1727


Last Updated: 27 May 2016 10:57:34