CVE-2013-4289

Name of the Vulnerable Software and Affected Versions OpenJPEG versions prior to 1.5.2

Description The issue concerns multiple vulnerabilities in the OpenJPEG package, which can be exploited remotely. These vulnerabilities may lead to a breach of confidentiality, integrity, and availability of protected information. Specifically, multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before version 1.5.2 can trigger a heap-based buffer overflow, allowing remote attackers to have an unspecified impact.

Recommendations For OpenJPEG versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the lib/openjp3d/jp3d.c module to minimize the risk of exploitation. Avoid using the vulnerable OpenJPEG package until the issue is resolved.