PT-2012-1164 · Openjpeg+4 · Openjpeg+4

Huzaifa Sidhpurwala

·

Published

2012-09-05

·

Updated

2023-02-13

·

CVE-2012-3535

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions OpenJPEG versions prior to 1.5.1 Gentoo Linux (affected versions not specified)
Description The issue concerns multiple vulnerabilities in the OpenJPEG package that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, a heap-based buffer overflow in OpenJPEG 1.5.0 and earlier versions allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.
Recommendations For OpenJPEG versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. For Gentoo Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2019-2337
ALT-PU-2021-1097
ALT-PU-2021-1197
BDU:2015-09686
CESA-2012_1283
CVE-2012-3535
DSA-2629-1
RHSA-2012:1283
RHSA-2012_1283

Affected Products

Alt Linux
Centos
Gentoo Linux
Openjpeg
Red Hat