CVE-2012-1499

Name of the Vulnerable Software and Affected Versions OpenJPEG versions prior to 1.5

Description The issue allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely.

Recommendations For versions prior to 1.5, update to version 1.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the JPEG 2000 codec (jp2.c) until a patch is available. Avoid using crafted JPEG images that may trigger memory corruption in the affected codec.