PT-2013-1171 · Centos+4

Published: 2013-12-12 · Updated: 2021-02-02 · CVE-2013-6054

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

openjpeg versions prior to 1.5.2
openjpeg-1.3
openjpeg-debuginfo-1.3
openjpeg-devel-1.3
openjpeg-libs-1.3

Description

The issue affects the openjpeg package in various operating systems, including CentOS, Gentoo Linux, and Red Hat Enterprise Linux. It involves multiple vulnerabilities that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. One of the vulnerabilities is a heap-based buffer overflow in OpenJPEG 1.3.

Recommendations

For openjpeg versions prior to 1.5.2, update to version 1.5.2 or later. For openjpeg-1.3, openjpeg-debuginfo-1.3, openjpeg-devel-1.3, and openjpeg-libs-1.3, consider disabling the vulnerable components until a patch is available. As a temporary workaround, restrict access to the vulnerable modules to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2337
ALT-PU-2021-1097
ALT-PU-2021-1197
BDU:2015-06455
BDU:2015-06456
BDU:2015-06457
BDU:2015-06458
BDU:2015-08985
BDU:2015-08986
BDU:2015-08987
BDU:2015-08988
BDU:2015-09772
CESA-2013_1850
CVE-2013-6054
DSA-2808-1
RHSA-2013:1850
RHSA-2013_1850

Affected Products

Alt Linux
Centos
Gentoo Linux
Openjpeg
Red Hat