Lucene search

PRIOn knowledge basePRION:CVE-2009-5030

HistoryJul 18, 2012 - 10:55 p.m.

Memory corruption

2012-07-1822:55:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

0.045 Low

EPSS

Percentile

92.5%

JSON

The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an “invalid free.”

CPENameOperatorVersion
openjpegeq1.3
openjpegeq1.4
openjpegeq1.5

Name	Operator	Version
openjpeg	eq	1.3
openjpeg	eq	1.4
openjpeg	eq	1.5

References

rhn.redhat.com/errata/RHSA-2012-1068.html

secunia.com/advisories/48781

secunia.com/advisories/49913

www.mandriva.com/security/advisories?name=MDVSA-2012:104

www.openwall.com/lists/oss-security/2012/04/13/5

www.securityfocus.com/bid/53012

code.google.com/p/openjpeg/issues/detail?id=5

code.google.com/p/openjpeg/source/detail?r=1703

exchange.xforce.ibmcloud.com/vulnerabilities/74851

groups.google.com/forum/

lists.fedoraproject.org/pipermail/package-announce/2012-June/082923.html

lists.fedoraproject.org/pipermail/package-announce/2012-June/083105.html