Lucene search

CertccCVE-2011-4517

HistoryDec 15, 2011 - 3:57 a.m.

CVE-2011-4517

2011-12-1503:57:34

CWE-787

certcc

web.nvd.nist.gov

136

cve-2011-4517

jpc_crg_getparms

libjasper

jpc_cs.c

heap-based buffer overflow

jpeg2000

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.199

Percentile

96.4%

JSON

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.

Affected configurations

Nvd

Node

jasper_projectjasperMatch1.900.1

Node

oracleoutside_in_technologyMatch8.3.5

oracleoutside_in_technologyMatch8.3.7

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch10.10

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

debiandebian_linuxMatch6.0

fedoraprojectfedoraMatch15

fedoraprojectfedoraMatch16

suselinux_enterprise_desktopMatch11sp1

suselinux_enterprise_serverMatch11sp1-

suselinux_enterprise_serverMatch11sp1vmware

suselinux_enterprise_software_development_kitMatch11sp1

Node

redhatenterprise_linux_desktopMatch4

VendorProductVersionCPE
jasper_projectjasper1.900.1cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*
oracleoutside_in_technology8.3.5cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:*
oracleoutside_in_technology8.3.7cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
canonicalubuntu_linux10.10cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
canonicalubuntu_linux11.04cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
canonicalubuntu_linux11.10cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
debiandebian_linux6.0cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
fedoraprojectfedora15cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
fedoraprojectfedora16cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jasper_project	jasper	1.900.1	cpe:2.3:a:jasper_project:jasper:1.900.1:::::::*
oracle	outside_in_technology	8.3.5	cpe:2.3:a:oracle:outside_in_technology:8.3.5:::::::*
oracle	outside_in_technology	8.3.7	cpe:2.3:a:oracle:outside_in_technology:8.3.7:::::::*
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
canonical	ubuntu_linux	10.10	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
canonical	ubuntu_linux	11.04	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
canonical	ubuntu_linux	11.10	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
debian	debian_linux	6.0	cpe:2.3:o:debian:debian_linux:6.0:::::::*
fedoraproject	fedora	15	cpe:2.3:o:fedoraproject:fedora:15:::::::*
fedoraproject	fedora	16	cpe:2.3:o:fedoraproject:fedora:16:::::::*