Lucene search

[email protected]CVE-2012-3358

HistoryJul 18, 2012 - 11:55 p.m.

CVE-2012-3358

2012-07-1823:55:03

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-3358

openjpeg

buffer overflow

denial of service

remote code execution

jpeg 2000.

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.098 Low

EPSS

Percentile

94.9%

JSON

Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.

Affected configurations

NVD

Node

uclouvainopenjpegMatch1.5

CPENameOperatorVersion
uclouvain:openjpeguclouvain openjpegeq1.5

CPE	Name	Operator	Version
uclouvain:openjpeg	uclouvain openjpeg	eq	1.5

References

code.google.com/p/openjpeg/source/detail?r=1727

osvdb.org/83741

rhn.redhat.com/errata/RHSA-2012-1068.html

secunia.com/advisories/49913

www.mandriva.com/security/advisories?name=MDVSA-2012:104

www.openwall.com/lists/oss-security/2012/07/11/1

www.securityfocus.com/bid/54373

exchange.xforce.ibmcloud.com/vulnerabilities/76850

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.098 Low

EPSS

Percentile

94.9%

JSON

Related for CVE-2012-3358

nvd1 prion1 cvelist1 ubuntucve1 nessus11 centos1 amazon1 openvas13 oraclelinux1 securityvulns2 veracode1 redhat1 debian1 osv1 gentoo1 fedora1 freebsd1