PT-2013-1169 · Openjpeg+3 · Openjpeg+3

Raphael Geissert

Published

2013-12-12

Updated

2023-02-10

CVE-2013-6045

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OpenJPEG versions 1.3 and earlier OpenJPEG versions prior to 1.5.2

Description The issue involves multiple heap-based buffer overflows in OpenJPEG, which may allow remote attackers to execute arbitrary code via unspecified vectors. Exploitation of these vulnerabilities can lead to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations For OpenJPEG versions 1.3 and earlier, update to a version later than 1.5.2 to resolve the issue. For OpenJPEG versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable OpenJPEG components until a patch is available.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2019-2337

ALT-PU-2021-1097

ALT-PU-2021-1197

BDU:2015-06455

BDU:2015-06456

BDU:2015-06457

BDU:2015-06458

BDU:2015-08985

BDU:2015-08986

BDU:2015-08987

BDU:2015-08988

BDU:2015-09772

CESA-2013_1850

CVE-2013-6045

DSA-2808-1

MGASA-2014-0005

RHSA-2013:1850

RHSA-2013_1850

Affected Products

Alt Linux

Centos

Openjpeg

Red Hat

PT-2013-1169 · Openjpeg+3 · Openjpeg+3

CVE-2013-6045

Weakness Enumeration

Related Identifiers

Affected Products

References · 63