PT-2013-1170 · Openjpeg+3 · Openjpeg+3

Raphael Geissert

·

Published

2013-12-12

·

Updated

2021-02-02

·

CVE-2013-6052

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions OpenJPEG versions 1.3 and earlier OpenJPEG versions prior to 1.5.2
Description The issue allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read, potentially leading to disruption of confidentiality, integrity, and availability of protected information. Exploitation of the vulnerabilities can be carried out remotely.
Recommendations For OpenJPEG versions 1.3 and earlier, update to a version later than 1.3. For OpenJPEG versions prior to 1.5.2, update to version 1.5.2 or later. As a temporary workaround, consider restricting access to sensitive information until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2019-2337
ALT-PU-2021-1097
ALT-PU-2021-1197
BDU:2015-06455
BDU:2015-06456
BDU:2015-06457
BDU:2015-06458
BDU:2015-08985
BDU:2015-08986
BDU:2015-08987
BDU:2015-08988
BDU:2015-09772
CESA-2013_1850
CVE-2013-6052
DSA-2808-1
MGASA-2014-0005
RHSA-2013:1850
RHSA-2013_1850

Affected Products

Alt Linux
Centos
Openjpeg
Red Hat