Computer Security
[EN] securityvulns.ru no-pyccku


JasPer library security vulnerabilities
Published:19.12.2011
Source:
SecurityVulns ID:12100
Type:library
Threat Level:
5/10
Description:Buffer overflow and memory corruption on JPEG2000 parsing.
Affected:JASPER : JasPer 1.900
CVE:CVE-2011-4517 (The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a malformed JPEG2000 file.)
 CVE-2011-4516 (Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a JPEG2000 file.)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod