CVE-2009-5030

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OpenJPEG versions 1.3 through 1.5

Description The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image. This is due to the tcd free encode function in tcd.c causing insufficient memory to be allocated, leading to an "invalid free." The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For OpenJPEG versions 1.3 through 1.5, update to version 1.5.1 or later to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2019-2337

ALT-PU-2021-1097

ALT-PU-2021-1197

BDU:2015-09686

CESA-2012_1068

CVE-2009-5030

DSA-2629-1

RHSA-2012:1068

RHSA-2012_1068

Affected Products

Alt Linux

Centos

Openjpeg

Red Hat

CVE-2009-5030

Weakness Enumeration

Related Identifiers

Affected Products

References · 55