PT-2013-1169 · Openjpeg+3 · Openjpeg+3

Raphael Geissert

Publicado

2013-12-12

Atualizado

2023-02-10

CVE-2013-6045

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OpenJPEG versions 1.3 and earlier OpenJPEG versions prior to 1.5.2

Description The issue involves multiple heap-based buffer overflows in OpenJPEG, which may allow remote attackers to execute arbitrary code via unspecified vectors. Exploitation of these vulnerabilities can lead to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations For OpenJPEG versions 1.3 and earlier, update to a version later than 1.5.2 to resolve the issue. For OpenJPEG versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable OpenJPEG components until a patch is available.

Correção

RCE

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2019-2337

ALT-PU-2021-1097

ALT-PU-2021-1197

BDU:2015-06455

BDU:2015-06456

BDU:2015-06457

BDU:2015-06458

BDU:2015-08985

BDU:2015-08986

BDU:2015-08987

BDU:2015-08988

BDU:2015-09772

CESA-2013_1850

CVE-2013-6045

DSA-2808-1

MGASA-2014-0005

RHSA-2013:1850

RHSA-2013_1850

Produtos afetados

Alt Linux

Centos

Openjpeg

Red Hat

PT-2013-1169 · Openjpeg+3 · Openjpeg+3

CVE-2013-6045

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 63