PT-2012-1163 · Openjpeg+2

Huzaifa Sidhpurwala · Published 2012-07-11 · Updated 2023-02-13 · CVE-2012-3358

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenJPEG versions prior to 1.5.1

Description

The issue is related to multiple heap-based buffer overflows in the j2k_read_sot function, which can be triggered by a crafted JPEG 2000 image file. This can cause a denial of service (application crash) and potentially allow the execution of arbitrary code. Exploitation can be done remotely and affects the confidentiality, integrity, and availability of protected information.

Recommendations

For OpenJPEG versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the j2k_read_sot function in the j2k.c file until a patch is available. Avoid opening untrusted JPEG 2000 image files, which may be crafted to exploit the buffer overflows in the j2k_read_sot function.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-09686
CESA-2012_1068
CVE-2012-3358
DSA-2629-1
RHSA-2012:1068
RHSA-2012_1068

Affected Products

Centos
Openjpeg
Red Hat