CVE-2013-4290

Name of the Vulnerable Software and Affected Versions OpenJPEG versions prior to 1.5.2

Description The issue concerns multiple vulnerabilities in the OpenJPEG package, which can be exploited remotely. This exploitation may lead to a breach of confidentiality, integrity, and availability of protected information. Technical details include a stack-based buffer overflow in OpenJPEG before version 1.5.2, allowing remote attackers to have an unspecified impact via unknown vectors to files such as lib/openjp3d/opj jp3d compress.c, bin/jp3d/convert.c, or lib/openjp3d/event.c.

Recommendations For OpenJPEG versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components until a patch is applied.