PT-2013-1170 · Openjpeg+3 · Openjpeg+3

Raphael Geissert

Publicado

2013-12-12

Atualizado

2021-02-02

CVE-2013-6052

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OpenJPEG versions 1.3 and earlier OpenJPEG versions prior to 1.5.2

Description The issue allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read, potentially leading to disruption of confidentiality, integrity, and availability of protected information. Exploitation of the vulnerabilities can be carried out remotely.

Recommendations For OpenJPEG versions 1.3 and earlier, update to a version later than 1.3. For OpenJPEG versions prior to 1.5.2, update to version 1.5.2 or later. As a temporary workaround, consider restricting access to sensitive information until a patch is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2019-2337

ALT-PU-2021-1097

ALT-PU-2021-1197

BDU:2015-06455

BDU:2015-06456

BDU:2015-06457

BDU:2015-06458

BDU:2015-08985

BDU:2015-08986

BDU:2015-08987

BDU:2015-08988

BDU:2015-09772

CESA-2013_1850

CVE-2013-6052

DSA-2808-1

MGASA-2014-0005

RHSA-2013:1850

RHSA-2013_1850

Produtos afetados

Alt Linux

Centos

Openjpeg

Red Hat

PT-2013-1170 · Openjpeg+3 · Openjpeg+3

CVE-2013-6052

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 56