Computer Security
[EN] securityvulns.ru no-pyccku


openjpeg library security vulnerabilities
updated since 16.07.2012
Published:02.03.2013
Source:
SecurityVulns ID:12476
Type:library
Threat Level:
6/10
Description:Vulnerabilities on JPEG encoding and decoding.
Affected:OPENJPEG : OpenJPEG 1.3
CVE:CVE-2012-3535 (Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.)
 CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.)
 CVE-2009-5030 (The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free.")
Original documentdocumentMANDRIVA, [ MDVSA-2012:104 ] openjpeg (16.07.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod