CVE-2012-3535

Name of the Vulnerable Software and Affected Versions OpenJPEG versions prior to 1.5.1 Gentoo Linux (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the OpenJPEG package that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, a heap-based buffer overflow in OpenJPEG 1.5.0 and earlier versions allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.

Recommendations For OpenJPEG versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. For Gentoo Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.